gtls: honor --[no-]alpn command line switch

author Fabian Frank <fabian@pagefault.de>

Tue, 11 Feb 2014 06:18:11 +0000 (22:18 -0800)

committer Daniel Stenberg <daniel@haxx.se>

Tue, 11 Feb 2014 21:54:37 +0000 (22:54 +0100)
author Fabian Frank <fabian@pagefault.de>
Tue, 11 Feb 2014 06:18:11 +0000 (22:18 -0800)
committer Daniel Stenberg <daniel@haxx.se>
Tue, 11 Feb 2014 21:54:37 +0000 (22:54 +0100)
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c

index 326af386fc8ca685dfe0236d692104b0ea6b92e9..5d335e849cde195588c0d066c189b259fe282229 100644 (file)
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -570,13 +570,20 @@ gtls_connect_step1(struct connectdata *conn,
  #endif
  
  #ifdef HAS_ALPN
-  protocols[0].data = NGHTTP2_PROTO_VERSION_ID;
-  protocols[0].size = NGHTTP2_PROTO_VERSION_ID_LEN;
-  protocols[1].data = ALPN_HTTP_1_1;
-  protocols[1].size = ALPN_HTTP_1_1_LENGTH;
-  gnutls_alpn_set_protocols(session, protocols, protocols_size, 0);
-  infof(data, "ALPN, offering %s, %s\n", NGHTTP2_PROTO_VERSION_ID,
-        ALPN_HTTP_1_1);
+  if(data->set.httpversion == CURL_HTTP_VERSION_2_0) {
+    if(data->set.ssl_enable_alpn) {
+      protocols[0].data = NGHTTP2_PROTO_VERSION_ID;
+      protocols[0].size = NGHTTP2_PROTO_VERSION_ID_LEN;
+      protocols[1].data = ALPN_HTTP_1_1;
+      protocols[1].size = ALPN_HTTP_1_1_LENGTH;
+      gnutls_alpn_set_protocols(session, protocols, protocols_size, 0);
+      infof(data, "ALPN, offering %s, %s\n", NGHTTP2_PROTO_VERSION_ID,
+            ALPN_HTTP_1_1);
+    }
+    else {
+      infof(data, "SSL, can't negotiate HTTP/2.0 without ALPN\n");
+    }
+  }
  #endif
  
    if(rc != GNUTLS_E_SUCCESS) {
@@ -867,23 +874,26 @@ gtls_connect_step3(struct connectdata *conn,
    infof(data, "\t MAC: %s\n", ptr);
  
  #ifdef HAS_ALPN
-  rc = gnutls_alpn_get_selected_protocol(session, &proto);
-  if(rc == 0) {
-    infof(data, "ALPN, server accepted to use %.*s\n", proto.size, proto.data);
-
-    if(proto.size == NGHTTP2_PROTO_VERSION_ID_LEN &&
-      memcmp(NGHTTP2_PROTO_VERSION_ID, proto.data,
-      NGHTTP2_PROTO_VERSION_ID_LEN) == 0) {
-      conn->negnpn = NPN_HTTP2_DRAFT09;
+  if(data->set.ssl_enable_alpn) {
+    rc = gnutls_alpn_get_selected_protocol(session, &proto);
+    if(rc == 0) {
+      infof(data, "ALPN, server accepted to use %.*s\n", proto.size,
+          proto.data);
+
+      if(proto.size == NGHTTP2_PROTO_VERSION_ID_LEN &&
+        memcmp(NGHTTP2_PROTO_VERSION_ID, proto.data,
+        NGHTTP2_PROTO_VERSION_ID_LEN) == 0) {
+        conn->negnpn = NPN_HTTP2_DRAFT09;
+      }
+      else if(proto.size == ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1,
+          proto.data, ALPN_HTTP_1_1_LENGTH) == 0) {
+        conn->negnpn = NPN_HTTP1_1;
+      }
      }
-    else if(proto.size == ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1,
-        proto.data, ALPN_HTTP_1_1_LENGTH) == 0) {
-      conn->negnpn = NPN_HTTP1_1;
+    else {
+      infof(data, "ALPN, server did not agree to a protocol\n");
      }
    }
-  else {
-    infof(data, "ALPN, server did not agree to a protocol\n");
-  }
  #endif
  
    conn->ssl[sockindex].state = ssl_connection_complete;
author	Fabian Frank <fabian@pagefault.de>
	Tue, 11 Feb 2014 06:18:11 +0000 (22:18 -0800)
committer	Daniel Stenberg <daniel@haxx.se>
	Tue, 11 Feb 2014 21:54:37 +0000 (22:54 +0100)