Move ALPN and NPN fields from SSL/SSL_CTX to internal.

ok beck@
author: jsing <> 2017-01-22 06:36:49 +0000
committer: jsing <> 2017-01-22 06:36:49 +0000
commit: 334c9196a27db4244daba48e4ba2118985c535ed (patch)
tree: 765f88b1c5ef0790c3644c70ffacf8e9a39b9ceb /src
parent: 107eff56043a3070d462256dca1675a3db9d9eab (diff)
download: openbsd-334c9196a27db4244daba48e4ba2118985c535ed.tar.gz
openbsd-334c9196a27db4244daba48e4ba2118985c535ed.tar.bz2
openbsd-334c9196a27db4244daba48e4ba2118985c535ed.zip
7 files changed, 129 insertions, 125 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 874e4d398a..74f44dd930 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.159 2016/12/26 16:33:51 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.160 2017/01/22 06:36:49 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2702,10 +2702,10 @@ ssl3_send_next_proto(SSL *s)
        if (s->state == SSL3_ST_CW_NEXT_PROTO_A) {
                d = p = ssl3_handshake_msg_start(s, SSL3_MT_NEXT_PROTO);
-                len = s->next_proto_negotiated_len;
+                len = s->internal->next_proto_negotiated_len;
                padding_len = 32 - ((len + 2) % 32);
                *(p++) = len;
-                memcpy(p, s->next_proto_negotiated, len);
+                memcpy(p, s->internal->next_proto_negotiated, len);
                p += len;
                *(p++) = padding_len;
                memset(p, 0, padding_len);
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 6f5ee4fa50..ef7a368d8f 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.118 2017/01/22 03:50:45 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.119 2017/01/22 06:36:49 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1902,9 +1902,9 @@ ssl3_clear(SSL *s)
        s->packet_length = 0;
        s->version = TLS1_VERSION;
-        free(s->next_proto_negotiated);
+        free(s->internal->next_proto_negotiated);
-        s->next_proto_negotiated = NULL;
+        s->internal->next_proto_negotiated = NULL;
-        s->next_proto_negotiated_len = 0;
+        s->internal->next_proto_negotiated_len = 0;
 }
 static long
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 8e3dc11fc1..72d90a85c4 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.138 2016/12/21 16:44:31 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.139 2017/01/22 06:36:49 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2905,15 +2905,15 @@ ssl3_get_next_proto(SSL *s)
         * XXX We should not NULL it, but this matches old behavior of not
         * freeing before malloc.
         */
-        s->next_proto_negotiated = NULL;
+        s->internal->next_proto_negotiated = NULL;
-        s->next_proto_negotiated_len = 0;
+        s->internal->next_proto_negotiated_len = 0;
-        if (!CBS_stow(&proto, &s->next_proto_negotiated, &len)) {
+        if (!CBS_stow(&proto, &s->internal->next_proto_negotiated, &len)) {
                SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
                    ERR_R_MALLOC_FAILURE);
                return (0);
        }
-        s->next_proto_negotiated_len = (uint8_t)len;
+        s->internal->next_proto_negotiated_len = (uint8_t)len;
        return (1);
 }
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index b0f54100e2..fa1027fa28 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.105 2017/01/22 05:14:42 beck Exp $ */
+/* $OpenBSD: ssl.h,v 1.106 2017/01/22 06:36:49 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -841,48 +841,6 @@ struct ssl_ctx_st {
        int (*tlsext_status_cb)(SSL *ssl, void *arg);
        void *tlsext_status_arg;
-        /* Next protocol negotiation information */
-        /* (for experimental NPN extension). */
-        /* For a server, this contains a callback function by which the set of
-         * advertised protocols can be provided. */
-        int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
-            unsigned int *len, void *arg);
-        void *next_protos_advertised_cb_arg;
-        /* For a client, this contains a callback function that selects the
-         * next protocol from the list provided by the server. */
-        int (*next_proto_select_cb)(SSL *s, unsigned char **out,
-            unsigned char *outlen, const unsigned char *in,
-            unsigned int inlen, void *arg);
-        void *next_proto_select_cb_arg;
-        /*
-         * ALPN information
-         * (we are in the process of transitioning from NPN to ALPN).
-         */
-        /*
-         * Server callback function that allows the server to select the
-         * protocol for the connection.
-         *   out: on successful return, this must point to the raw protocol
-         *       name (without the length prefix).
-         *   outlen: on successful return, this contains the length of out.
-         *   in: points to the client's list of supported protocols in
-         *       wire-format.
-         *   inlen: the length of in.
-         */
-        int (*alpn_select_cb)(SSL *s, const unsigned char **out,
-            unsigned char *outlen, const unsigned char *in, unsigned int inlen,
-            void *arg);
-        void *alpn_select_cb_arg;
-        /* Client list of supported protocols in wire format. */
-        unsigned char *alpn_client_proto_list;
-        unsigned int alpn_client_proto_list_len;
        /* SRTP profiles we are willing to do from RFC 5764 */
        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
@@ -1194,16 +1152,6 @@ struct ssl_st {
        SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
 #define session_ctx initial_ctx
-        /* Next protocol negotiation. For the client, this is the protocol that
-         * we sent in NextProtocol and is set when handling ServerHello
-         * extensions.
-         *
-         * For a server, this is the client's selected_protocol from
-         * NextProtocol and is set when handling the NextProtocol message,
-         * before the Finished message. */
-        unsigned char *next_proto_negotiated;
-        unsigned char next_proto_negotiated_len;
        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;       /* What we'll do */
        SRTP_PROTECTION_PROFILE *srtp_profile;                  /* What's been chosen */
@@ -1215,10 +1163,6 @@ struct ssl_st {
        unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
        unsigned int tlsext_hb_seq;     /* HeartbeatRequest sequence number */
-        /* Client list of supported protocols in wire format. */
-        unsigned char *alpn_client_proto_list;
-        unsigned int alpn_client_proto_list_len;
        int renegotiate;/* 1 if we are renegotiating.
                         * 2 if we are a server and are inside a handshake
                         * (i.e. not just sending a HelloRequest) */
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index d9e5166cdd..7031c91e1c 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.126 2017/01/22 03:50:45 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.127 2017/01/22 06:36:49 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -336,18 +336,18 @@ SSL_new(SSL_CTX *ctx)
        s->tlsext_ocsp_resplen = -1;
        CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
        s->initial_ctx = ctx;
-        s->next_proto_negotiated = NULL;
+        s->internal->next_proto_negotiated = NULL;
-        if (s->ctx->alpn_client_proto_list != NULL) {
+        if (s->ctx->internal->alpn_client_proto_list != NULL) {
-                s->alpn_client_proto_list =
+                s->internal->alpn_client_proto_list =
-                    malloc(s->ctx->alpn_client_proto_list_len);
+                    malloc(s->ctx->internal->alpn_client_proto_list_len);
-                if (s->alpn_client_proto_list == NULL)
+                if (s->internal->alpn_client_proto_list == NULL)
                        goto err;
-                memcpy(s->alpn_client_proto_list,
+                memcpy(s->internal->alpn_client_proto_list,
-                    s->ctx->alpn_client_proto_list,
+                    s->ctx->internal->alpn_client_proto_list,
-                    s->ctx->alpn_client_proto_list_len);
+                    s->ctx->internal->alpn_client_proto_list_len);
-                s->alpn_client_proto_list_len =
+                s->internal->alpn_client_proto_list_len =
-                    s->ctx->alpn_client_proto_list_len;
+                    s->ctx->internal->alpn_client_proto_list_len;
        }
        s->verify_result = X509_V_OK;
@@ -554,8 +554,8 @@ SSL_free(SSL *s)
        SSL_CTX_free(s->ctx);
-        free(s->next_proto_negotiated);
+        free(s->internal->next_proto_negotiated);
-        free(s->alpn_client_proto_list);
+        free(s->internal->alpn_client_proto_list);
 #ifndef OPENSSL_NO_SRTP
        if (s->srtp_profiles)
@@ -1614,11 +1614,11 @@ void
 SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
    unsigned *len)
 {
-        *data = s->next_proto_negotiated;
+        *data = s->internal->next_proto_negotiated;
        if (!*data) {
                *len = 0;
        } else {
-                *len = s->next_proto_negotiated_len;
+                *len = s->internal->next_proto_negotiated_len;
        }
 }
@@ -1637,8 +1637,8 @@ void
 SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl,
    const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
 {
-        ctx->next_protos_advertised_cb = cb;
+        ctx->internal->next_protos_advertised_cb = cb;
-        ctx->next_protos_advertised_cb_arg = arg;
+        ctx->internal->next_protos_advertised_cb_arg = arg;
 }
 /*
@@ -1657,8 +1657,8 @@ SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s,
    unsigned char **out, unsigned char *outlen, const unsigned char *in,
    unsigned int inlen, void *arg), void *arg)
 {
-        ctx->next_proto_select_cb = cb;
+        ctx->internal->next_proto_select_cb = cb;
-        ctx->next_proto_select_cb_arg = arg;
+        ctx->internal->next_proto_select_cb_arg = arg;
 }
 /*
@@ -1670,11 +1670,11 @@ int
 SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
    unsigned int protos_len)
 {
-        free(ctx->alpn_client_proto_list);
+        free(ctx->internal->alpn_client_proto_list);
-        if ((ctx->alpn_client_proto_list = malloc(protos_len)) == NULL)
+        if ((ctx->internal->alpn_client_proto_list = malloc(protos_len)) == NULL)
                return (1);
-        memcpy(ctx->alpn_client_proto_list, protos, protos_len);
+        memcpy(ctx->internal->alpn_client_proto_list, protos, protos_len);
-        ctx->alpn_client_proto_list_len = protos_len;
+        ctx->internal->alpn_client_proto_list_len = protos_len;
        return (0);
 }
@@ -1688,11 +1688,11 @@ int
 SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
    unsigned int protos_len)
 {
-        free(ssl->alpn_client_proto_list);
+        free(ssl->internal->alpn_client_proto_list);
-        if ((ssl->alpn_client_proto_list = malloc(protos_len)) == NULL)
+        if ((ssl->internal->alpn_client_proto_list = malloc(protos_len)) == NULL)
                return (1);
-        memcpy(ssl->alpn_client_proto_list, protos, protos_len);
+        memcpy(ssl->internal->alpn_client_proto_list, protos, protos_len);
-        ssl->alpn_client_proto_list_len = protos_len;
+        ssl->internal->alpn_client_proto_list_len = protos_len;
        return (0);
 }
@@ -1707,8 +1707,8 @@ SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
    int (*cb) (SSL *ssl, const unsigned char **out, unsigned char *outlen,
    const unsigned char *in, unsigned int inlen, void *arg), void *arg)
 {
-        ctx->alpn_select_cb = cb;
+        ctx->internal->alpn_select_cb = cb;
-        ctx->alpn_select_cb_arg = arg;
+        ctx->internal->alpn_select_cb_arg = arg;
 }
 /*
@@ -1912,8 +1912,8 @@ SSL_CTX_new(const SSL_METHOD *meth)
        ret->tlsext_status_cb = 0;
        ret->tlsext_status_arg = NULL;
-        ret->next_protos_advertised_cb = 0;
+        ret->internal->next_protos_advertised_cb = 0;
-        ret->next_proto_select_cb = 0;
+        ret->internal->next_proto_select_cb = 0;
 #ifndef OPENSSL_NO_ENGINE
        ret->client_cert_engine = NULL;
 #ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
@@ -2003,7 +2003,7 @@ SSL_CTX_free(SSL_CTX *a)
                ENGINE_finish(a->client_cert_engine);
 #endif
-        free(a->alpn_client_proto_list);
+        free(a->internal->alpn_client_proto_list);
        free(a->internal);
        free(a);
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index b8b5dd0b1b..805d68906a 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.148 2017/01/22 05:14:42 beck Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.149 2017/01/22 06:36:49 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -383,11 +383,65 @@ typedef struct ssl_session_internal_st {
 typedef struct ssl_ctx_internal_st {
        uint16_t min_version;
        uint16_t max_version;
+        /* Next protocol negotiation information */
+        /* (for experimental NPN extension). */
+        /* For a server, this contains a callback function by which the set of
+         * advertised protocols can be provided. */
+        int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
+            unsigned int *len, void *arg);
+        void *next_protos_advertised_cb_arg;
+        /* For a client, this contains a callback function that selects the
+         * next protocol from the list provided by the server. */
+        int (*next_proto_select_cb)(SSL *s, unsigned char **out,
+            unsigned char *outlen, const unsigned char *in,
+            unsigned int inlen, void *arg);
+        void *next_proto_select_cb_arg;
+        /*
+         * ALPN information
+         * (we are in the process of transitioning from NPN to ALPN).
+         */
+        /*
+         * Server callback function that allows the server to select the
+         * protocol for the connection.
+         *   out: on successful return, this must point to the raw protocol
+         *       name (without the length prefix).
+         *   outlen: on successful return, this contains the length of out.
+         *   in: points to the client's list of supported protocols in
+         *       wire-format.
+         *   inlen: the length of in.
+         */
+        int (*alpn_select_cb)(SSL *s, const unsigned char **out,
+            unsigned char *outlen, const unsigned char *in, unsigned int inlen,
+            void *arg);
+        void *alpn_select_cb_arg;
+        /* Client list of supported protocols in wire format. */
+        unsigned char *alpn_client_proto_list;
+        unsigned int alpn_client_proto_list_len;
 } SSL_CTX_INTERNAL;
 typedef struct ssl_internal_st {
        uint16_t min_version;
        uint16_t max_version;
+        /* Next protocol negotiation. For the client, this is the protocol that
+         * we sent in NextProtocol and is set when handling ServerHello
+         * extensions.
+         *
+         * For a server, this is the client's selected_protocol from
+         * NextProtocol and is set when handling the NextProtocol message,
+         * before the Finished message. */
+        unsigned char *next_proto_negotiated;
+        unsigned char next_proto_negotiated_len;
+        /* Client list of supported protocols in wire format. */
+        unsigned char *alpn_client_proto_list;
+        unsigned int alpn_client_proto_list_len;
 } SSL_INTERNAL;
 typedef struct ssl3_state_internal_st {
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 958c105dd9..55624a2d24 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.97 2017/01/22 05:14:42 beck Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.98 2017/01/22 06:36:49 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -862,7 +862,8 @@ skip_ext:
                        i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
        }
-        if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) {
+        if (s->ctx->internal->next_proto_select_cb &&
+            !s->s3->tmp.finish_md_len) {
                /* The client advertises an emtpy extension to indicate its
                 * support for Next Protocol Negotiation */
                if ((size_t)(limit - ret) < 4)
@@ -871,16 +872,17 @@ skip_ext:
                s2n(0, ret);
        }
-        if (s->alpn_client_proto_list != NULL &&
+        if (s->internal->alpn_client_proto_list != NULL &&
            s->s3->tmp.finish_md_len == 0) {
-                if ((size_t)(limit - ret) < 6 + s->alpn_client_proto_list_len)
+                if ((size_t)(limit - ret) <
+                    6 + s->internal->alpn_client_proto_list_len)
                        return (NULL);
                s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret);
-                s2n(2 + s->alpn_client_proto_list_len, ret);
+                s2n(2 + s->internal->alpn_client_proto_list_len, ret);
-                s2n(s->alpn_client_proto_list_len, ret);
+                s2n(s->internal->alpn_client_proto_list_len, ret);
-                memcpy(ret, s->alpn_client_proto_list,
+                memcpy(ret, s->internal->alpn_client_proto_list,
-                    s->alpn_client_proto_list_len);
+                    s->internal->alpn_client_proto_list_len);
-                ret += s->alpn_client_proto_list_len;
+                ret += s->internal->alpn_client_proto_list_len;
        }
 #ifndef OPENSSL_NO_SRTP
@@ -1085,13 +1087,13 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
        next_proto_neg_seen = s->s3->next_proto_neg_seen;
        s->s3->next_proto_neg_seen = 0;
-        if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) {
+        if (next_proto_neg_seen && s->ctx->internal->next_protos_advertised_cb) {
                const unsigned char *npa;
                unsigned int npalen;
                int r;
-                r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen,
+                r = s->ctx->internal->next_protos_advertised_cb(s, &npa, &npalen,
-                    s->ctx->next_protos_advertised_cb_arg);
+                    s->ctx->internal->next_protos_advertised_cb_arg);
                if (r == SSL_TLSEXT_ERR_OK) {
                        if ((size_t)(limit - ret) < 4 + npalen)
                                return NULL;
@@ -1142,7 +1144,7 @@ tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
        unsigned char selected_len;
        int r;
-        if (s->ctx->alpn_select_cb == NULL)
+        if (s->ctx->internal->alpn_select_cb == NULL)
                return (1);
        if (data_len < 2)
@@ -1169,8 +1171,9 @@ tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
                        goto parse_error;
        }
-        r = s->ctx->alpn_select_cb(s, &selected, &selected_len,
+        r = s->ctx->internal->alpn_select_cb(s, &selected, &selected_len,
-            CBS_data(&alpn), CBS_len(&alpn), s->ctx->alpn_select_cb_arg);
+            CBS_data(&alpn), CBS_len(&alpn),
+            s->ctx->internal->alpn_select_cb_arg);
        if (r == SSL_TLSEXT_ERR_OK) {
                free(s->s3->alpn_selected);
                if ((s->s3->alpn_selected = malloc(selected_len)) == NULL) {
@@ -1547,7 +1550,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
                }
                else if (type ==
                    TLSEXT_TYPE_application_layer_protocol_negotiation &&
-                    s->ctx->alpn_select_cb != NULL &&
+                    s->ctx->internal->alpn_select_cb != NULL &&
                    s->s3->tmp.finish_md_len == 0) {
                        if (tls1_alpn_handle_client_hello(s, data,
                            size, al) != 1)
@@ -1716,7 +1719,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al)
                        unsigned char selected_len;
                        /* We must have requested it. */
-                        if (s->ctx->next_proto_select_cb == NULL) {
+                        if (s->ctx->internal->next_proto_select_cb == NULL) {
                                *al = TLS1_AD_UNSUPPORTED_EXTENSION;
                                return 0;
                        }
@@ -1725,17 +1728,20 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al)
                                *al = TLS1_AD_DECODE_ERROR;
                                return 0;
                        }
-                        if (s->ctx->next_proto_select_cb(s, &selected, &selected_len, data, size, s->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK) {
+                        if (s->ctx->internal->next_proto_select_cb(s, &selected,
+                            &selected_len, data, size,
+                            s->ctx->internal->next_proto_select_cb_arg) !=
+                            SSL_TLSEXT_ERR_OK) {
                                *al = TLS1_AD_INTERNAL_ERROR;
                                return 0;
                        }
-                        s->next_proto_negotiated = malloc(selected_len);
+                        s->internal->next_proto_negotiated = malloc(selected_len);
-                        if (!s->next_proto_negotiated) {
+                        if (!s->internal->next_proto_negotiated) {
                                *al = TLS1_AD_INTERNAL_ERROR;
                                return 0;
                        }
-                        memcpy(s->next_proto_negotiated, selected, selected_len);
+                        memcpy(s->internal->next_proto_negotiated, selected, selected_len);
-                        s->next_proto_negotiated_len = selected_len;
+                        s->internal->next_proto_negotiated_len = selected_len;
                        s->s3->next_proto_neg_seen = 1;
                }
                else if (type ==
@@ -1743,7 +1749,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al)
                        unsigned int len;
                        /* We must have requested it. */
-                        if (s->alpn_client_proto_list == NULL) {
+                        if (s->internal->alpn_client_proto_list == NULL) {
                                *al = TLS1_AD_UNSUPPORTED_EXTENSION;
                                return 0;
                        }
author	jsing <>	2017-01-22 06:36:49 +0000
committer	jsing <>	2017-01-22 06:36:49 +0000
commit	334c9196a27db4244daba48e4ba2118985c535ed (patch)
tree	765f88b1c5ef0790c3644c70ffacf8e9a39b9ceb /src
parent	107eff56043a3070d462256dca1675a3db9d9eab (diff)
download	openbsd-334c9196a27db4244daba48e4ba2118985c535ed.tar.gz openbsd-334c9196a27db4244daba48e4ba2118985c535ed.tar.bz2 openbsd-334c9196a27db4244daba48e4ba2118985c535ed.zip