Diffstat (limited to 'lib/libtls/tls_server.c')
-rw-r--r-- | lib/libtls/tls_server.c | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/lib/libtls/tls_server.c b/lib/libtls/tls_server.c
index bba15aae7e6..690af32eaf3 100644
--- a/lib/libtls/tls_server.c
+++ b/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.21 2016/08/02 07:47:11 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.22 2016/08/12 15:10:59 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -48,6 +48,20 @@ tls_server_conn(struct tls *ctx)
 return (conn_ctx);
 }
+static int
+tls_server_alpn_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen,
+ const unsigned char *in, unsigned int inlen, void *arg)
+{
+ struct tls *ctx = arg;
+
+ if (SSL_select_next_proto((unsigned char**)out, outlen,
+ ctx->config->alpn, ctx->config->alpn_len, in, inlen) ==
+ OPENSSL_NPN_NEGOTIATED)
+ return (SSL_TLSEXT_ERR_OK);
+
+ return (SSL_TLSEXT_ERR_NOACK);
+}
+
 int
 tls_configure_server(struct tls *ctx)
 {
@@ -71,6 +85,10 @@ tls_configure_server(struct tls *ctx)
 goto err;
 }
+ if (ctx->config->alpn != NULL)
+ SSL_CTX_set_alpn_select_cb(ctx->ssl_ctx, tls_server_alpn_cb,
+ ctx);
+
 if (ctx->config->dheparams == -1)
 SSL_CTX_set_dh_auto(ctx->ssl_ctx, 1);
 else if (ctx->config->dheparams == 1024) |
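Review bot: tls_server_alpn_cb silently falls back to "no ALPN" on a protocol mismatch — the SSL_TLSEXT_ERR_NOACK return lets the handshake complete without an ALPN extension rather than aborting it — and that is a policy choice the caller cannot see, so it deserves a header comment on the function, e.g. `/* ALPN selection callback: picks the first configured server protocol the client also offers (server preference); on no overlap the handshake continues without ALPN rather than failing. */`. The `ssl` parameter is unused and only present to satisfy the callback signature; a `(void)ssl;` or a short comment would stop a `-Wunused-parameter` build from flagging it. On the SSL_select_next_proto call, the `(unsigned char**)out` cast discards the `const` on the callback's `out` parameter; it is needed because of the OpenSSL prototype, but `(unsigned char **)out` matches the file's spacing and a one-line comment saying why the cast exists would keep the next reader from trying to remove it. I cannot tell from the hunk what type `ctx->config->alpn_len` has; if it is wider than the `unsigned int` the OpenSSL prototype takes, the implicit narrowing is worth a comment or an explicit cast where it is set.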