author | Hugo Landau <hlandau@openssl.org> | 2023-01-16 15:20:20 +0000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-07-05 09:02:26 +1000 |
commit | 68dbff4c040e6f1b65f84b649185aa466c4fba24 (patch) | |
tree | 9a07b38cdc6a01e3c4b42b699ca9010753679315 | |
parent | 09d56d20a2db3170b97ec98dcde9862ee7e00e78 (diff) |
QUIC: Forbid NPN
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
-rw-r--r-- | doc/man3/SSL_CTX_set_alpn_select_cb.pod | 3 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 8 |
2 files changed, 11 insertions, 0 deletions
diff --git a/doc/man3/SSL_CTX_set_alpn_select_cb.pod b/doc/man3/SSL_CTX_set_alpn_select_cb.pod
index 102e657851..84b2bc5dfe 100644
--- a/doc/man3/SSL_CTX_set_alpn_select_cb.pod
+++ b/doc/man3/SSL_CTX_set_alpn_select_cb.pod
@@ -111,6 +111,9 @@ the client can request any protocol it chooses. The value returned from this function need not be a member of the list of supported protocols provided by the callback.
+NPN functionality cannot be used with QUIC SSL objects. Use of ALPN is mandatory
+when using QUIC SSL objects.
+
 =head1 NOTES The protocol-lists must be in wire-format, which is defined as a vector of
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index e14eeffd1b..ad3afe33eb 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3548,6 +3548,10 @@ void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx,
 SSL_CTX_npn_advertised_cb_func cb,
 void *arg)
 {
+ if (IS_QUIC_CTX(ctx))
+ /* NPN not allowed for QUIC */
+ return;
+
 ctx->ext.npn_advertised_cb = cb;
 ctx->ext.npn_advertised_cb_arg = arg;
 }
@@ -3566,6 +3570,10 @@ void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
 SSL_CTX_npn_select_cb_func cb,
 void *arg)
 {
+ if (IS_QUIC_CTX(ctx))
+ /* NPN not allowed for QUIC */
+ return;
+
 ctx->ext.npn_select_cb = cb;
 ctx->ext.npn_select_cb_arg = arg;
 } |
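Review bot: The new `IS_QUIC_CTX(ctx)` guard in SSL_CTX_set_npn_advertised_cb() returns from a void setter without any signal, so an application that registers an NPN callback on a QUIC context may assume it was installed when it was discarded; the identical guard in SSL_CTX_set_npn_select_cb() in the next hunk has the same effect. Since neither function can return a status, the silent no-op should at least be spelled out where maintainers and callers will read it, for example `/* QUIC contexts ignore this call: NPN is unavailable, ALPN must be used instead */` placed above the `if`, and an entry on the error queue would make the misuse detectable at run time. Moving the comment above the `if`, rather than leaving it between the condition and its unbraced `return;`, also keeps a later edit from separating the return from its condition. Each function's signature starts above its hunk, so any enclosing preprocessor condition or NULL handling of `ctx` is not visible here.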