diff options
author | Tomas Mraz <tmraz@fedoraproject.org> | 2020-03-26 15:59:00 +0100 |
---|---|---|
committer | Tomas Mraz <tmraz@fedoraproject.org> | 2020-03-27 17:24:42 +0100 |
commit | 9e885a707d604e9528b5491b78fb9c00f41193fc (patch) | |
tree | b796777d87b7d4f42dc7d02d3839c16e7bfd6193 /apps/s_server.c | |
parent | 9e2c03582de42e8ac5aa23412affcb9645395e94 (diff) |
s_server: Properly indicate ALPN protocol mismatch
Return SSL_TLSEXT_ERR_ALERT_FATAL from alpn_select_cb so that
an alert is sent to the client on ALPN protocol mismatch.
Fixes: #2708
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11415)
Diffstat (limited to 'apps/s_server.c')
-rw-r--r-- | apps/s_server.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/s_server.c b/apps/s_server.c index bcc83e562c..591c6c19c5 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -707,7 +707,7 @@ static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen, if (SSL_select_next_proto ((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in, inlen) != OPENSSL_NPN_NEGOTIATED) { - return SSL_TLSEXT_ERR_NOACK; + return SSL_TLSEXT_ERR_ALERT_FATAL; } if (!s_quiet) { |