qsslsocket/context_openssl - ALPN and NPN, not ALPN or NPN

ALPN and NPN should not be mutually exclusive, it's possible that our peer does not support ALPN but does support a protocol we can negotiate via NPN. So use them both. Change-Id: Ib3c8066d89117efab55ac8435cc2c806c7a1ece0 Reviewed-by: Richard J. Moore <rich@kde.org>
2016-04-26 16:59:10 +02:00 · 2016-04-26 16:59:10 +02:00 · 9f416fad36
commit 9f416fad36
parent ea97a43175
2 changed files with 7 additions and 6 deletions
--- a/src/network/ssl/qsslcontext_openssl.cpp
+++ b/src/network/ssl/qsslcontext_openssl.cpp
@ -470,12 +470,11 @@ SSL* QSslContext::createSsl()
            q_SSL_CTX_set_alpn_select_cb(ctx, alpn_callback_t(next_proto_cb), &m_npnContext);
            // Client:
            q_SSL_set_alpn_protos(ssl, m_npnContext.data, m_npnContext.len);
-        } else {
-#else
-        {
-#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L ...
-            q_SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &m_npnContext);
        }
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L ...
+
+        // And in case our peer does not support ALPN, but supports NPN:
+        q_SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &m_npnContext);
    }
 #endif // OPENSSL_VERSION_NUMBER >= 0x1000100fL ...

--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@ -1564,7 +1564,9 @@ void QSslSocketBackendPrivate::continueHandshake()
                // Client does not have a callback that sets it ...
                configuration.nextProtocolNegotiationStatus = QSslConfiguration::NextProtocolNegotiationNegotiated;
            }
-        } else {
+        }
+
+        if (!proto_len) { // Test if NPN was more lucky ...
 #else
        {
 #endif