From ab28a320aa39324a588a1279f122291a340c92ce Mon Sep 17 00:00:00 2001 From: Olivier Houchard Date: Fri, 21 Dec 2018 19:45:40 +0100 Subject: [PATCH] MINOR: ssl: Add ssl_sock_set_alpn(). Add a new function, ssl_sock_set_alpn(), to be able to change the ALPN for a connection, instead of relying of the one defined in the SSL_CTX. --- include/proto/ssl_sock.h | 2 ++ src/ssl_sock.c | 7 +++++++ 2 files changed, 9 insertions(+) diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h index f04317ae9..ce66cdfa1 100644 --- a/include/proto/ssl_sock.h +++ b/include/proto/ssl_sock.h @@ -54,7 +54,9 @@ const char *ssl_sock_get_sni(struct connection *conn); const char *ssl_sock_get_cert_sig(struct connection *conn); const char *ssl_sock_get_cipher_name(struct connection *conn); const char *ssl_sock_get_proto_version(struct connection *conn); +void ssl_sock_set_alpn(struct connection *conn, const unsigned char *, int); void ssl_sock_set_servername(struct connection *conn, const char *hostname); + int ssl_sock_get_cert_used_sess(struct connection *conn); int ssl_sock_get_cert_used_conn(struct connection *conn); int ssl_sock_get_remote_common_name(struct connection *conn, diff --git a/src/ssl_sock.c b/src/ssl_sock.c index b6db4c575..d45e3e27b 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -6102,6 +6102,13 @@ ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out) return 1; } +void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len) +{ +#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation + SSL_set_alpn_protos(conn->xprt_ctx, alpn, len); +#endif +} + /* Sets advertised SNI for outgoing connections. Please set to NULL * to disable SNI. */