diff options
-rw-r--r-- | doc/man3/SSL_CTX_set_alpn_select_cb.pod | 8 | ||||
-rw-r--r-- | ssl/statem/extensions.c | 3 | ||||
-rw-r--r-- | test/handshake_helper.c | 2 |
3 files changed, 11 insertions, 2 deletions
diff --git a/doc/man3/SSL_CTX_set_alpn_select_cb.pod b/doc/man3/SSL_CTX_set_alpn_select_cb.pod index 5ff5a93b52..5ad063eb7f 100644 --- a/doc/man3/SSL_CTX_set_alpn_select_cb.pod +++ b/doc/man3/SSL_CTX_set_alpn_select_cb.pod @@ -113,9 +113,15 @@ The ALPN select callback B<cb>, must return one of the following: ALPN protocol selected. +=item SSL_TLSEXT_ERR_ALERT_FATAL + +There was no overlap between the client's supplied list and the server +configuration. + =item SSL_TLSEXT_ERR_NOACK -ALPN protocol not selected. +ALPN protocol not selected, e.g., because no ALPN protocols are configured for +this connection. =back diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index cd1d0bd3ec..7ec7128172 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -919,6 +919,9 @@ static int final_alpn(SSL *s, unsigned int context, int sent, int *al) /* ALPN takes precedence over NPN. */ s->s3->npn_seen = 0; #endif + } else if (r == SSL_TLSEXT_ERR_NOACK) { + /* Behave as if no callback was present. */ + return 1; } else { *al = SSL_AD_NO_APPLICATION_PROTOCOL; return 0; diff --git a/test/handshake_helper.c b/test/handshake_helper.c index 47af3fe396..94fa5c578f 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -413,7 +413,7 @@ static int server_alpn_cb(SSL *s, const unsigned char **out, *out = tmp_out; /* Unlike NPN, we don't tolerate a mismatch. */ return ret == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK - : SSL_TLSEXT_ERR_NOACK; + : SSL_TLSEXT_ERR_ALERT_FATAL; } #ifndef OPENSSL_NO_SRP |