mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-23 14:42:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

QUIC: Forbid NPN

Browse Source 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
This commit is contained in:
Hugo Landau 2023-01-16 15:20:20 +00:00 committed by Pauli
parent 09d56d20a2
commit 68dbff4c04
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/man3/SSL_CTX_set_alpn_select_cb.pod
View File

@ -111,6 +111,9 @@ the client can request any protocol it chooses. The value returned from
this function need not be a member of the list of supported protocols
provided by the callback.
NPN functionality cannot be used with QUIC SSL objects. Use of ALPN is mandatory
when using QUIC SSL objects.
=head1 NOTES
The protocol-lists must be in wire-format, which is defined as a vector of

8
ssl/ssl_lib.c
View File

@ -3548,6 +3548,10 @@ void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx,
SSL_CTX_npn_advertised_cb_func cb,
void *arg)
{
if (IS_QUIC_CTX(ctx))
/* NPN not allowed for QUIC */
return;
ctx->ext.npn_advertised_cb = cb;
ctx->ext.npn_advertised_cb_arg = arg;
}
@ -3566,6 +3570,10 @@ void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
SSL_CTX_npn_select_cb_func cb,
void *arg)
{
if (IS_QUIC_CTX(ctx))
/* NPN not allowed for QUIC */
return;
ctx->ext.npn_select_cb = cb;
ctx->ext.npn_select_cb_arg = arg;
}