From 9f416fad366f24436204a67b6571024d7bebe98f Mon Sep 17 00:00:00 2001 From: Timur Pocheptsov Date: Tue, 26 Apr 2016 16:59:10 +0200 Subject: [PATCH] qsslsocket/context_openssl - ALPN and NPN, not ALPN or NPN ALPN and NPN should not be mutually exclusive, it's possible that our peer does not support ALPN but does support a protocol we can negotiate via NPN. So use them both. Change-Id: Ib3c8066d89117efab55ac8435cc2c806c7a1ece0 Reviewed-by: Richard J. Moore --- src/network/ssl/qsslcontext_openssl.cpp | 9 ++++----- src/network/ssl/qsslsocket_openssl.cpp | 4 +++- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp index 543e87c0ca4..b24fdad1f98 100644 --- a/src/network/ssl/qsslcontext_openssl.cpp +++ b/src/network/ssl/qsslcontext_openssl.cpp @@ -470,12 +470,11 @@ SSL* QSslContext::createSsl() q_SSL_CTX_set_alpn_select_cb(ctx, alpn_callback_t(next_proto_cb), &m_npnContext); // Client: q_SSL_set_alpn_protos(ssl, m_npnContext.data, m_npnContext.len); - } else { -#else - { -#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L ... - q_SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &m_npnContext); } +#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L ... + + // And in case our peer does not support ALPN, but supports NPN: + q_SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &m_npnContext); } #endif // OPENSSL_VERSION_NUMBER >= 0x1000100fL ... diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 48f8e258dfa..5c0c8674cd2 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -1564,7 +1564,9 @@ void QSslSocketBackendPrivate::continueHandshake() // Client does not have a callback that sets it ... configuration.nextProtocolNegotiationStatus = QSslConfiguration::NextProtocolNegotiationNegotiated; } - } else { + } + + if (!proto_len) { // Test if NPN was more lucky ... #else { #endif