MINOR: ssl: Add ssl_sock_set_alpn().

Add a new function, ssl_sock_set_alpn(), to be able to change the ALPN for a connection, instead of relying of the one defined in the SSL_CTX.
2018-12-21 19:45:40 +01:00 · 2018-12-21 19:45:40 +01:00 · ab28a320aa
commit ab28a320aa
parent 21944019ca
2 changed files with 9 additions and 0 deletions
--- a/include/proto/ssl_sock.h
+++ b/include/proto/ssl_sock.h
@ -54,7 +54,9 @@ const char *ssl_sock_get_sni(struct connection *conn);
 const char *ssl_sock_get_cert_sig(struct connection *conn);
 const char *ssl_sock_get_cipher_name(struct connection *conn);
 const char *ssl_sock_get_proto_version(struct connection *conn);
+void ssl_sock_set_alpn(struct connection *conn, const unsigned char *, int);
 void ssl_sock_set_servername(struct connection *conn, const char *hostname);
+
 int ssl_sock_get_cert_used_sess(struct connection *conn);
 int ssl_sock_get_cert_used_conn(struct connection *conn);
 int ssl_sock_get_remote_common_name(struct connection *conn,
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -6102,6 +6102,13 @@ ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
 	return 1;
 }

+void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
+{
+#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+	SSL_set_alpn_protos(conn->xprt_ctx, alpn, len);
+#endif
+}
+
 /* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
 * to disable SNI.
 */