1 files changed, 19 insertions, 1 deletions
diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c
index bba15aae7e..690af32eaf 100644
--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.21 2016/08/02 07:47:11 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.22 2016/08/12 15:10:59 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -48,6 +48,20 @@ tls_server_conn(struct tls *ctx)
        return (conn_ctx);
 }
+static int
+tls_server_alpn_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen,
+    const unsigned char *in, unsigned int inlen, void *arg)
+{
+        struct tls *ctx = arg;
+        if (SSL_select_next_proto((unsigned char**)out, outlen,
+            ctx->config->alpn, ctx->config->alpn_len, in, inlen) ==
+            OPENSSL_NPN_NEGOTIATED)
+                return (SSL_TLSEXT_ERR_OK);
+        return (SSL_TLSEXT_ERR_NOACK);
+}
 int
 tls_configure_server(struct tls *ctx)
 {
@@ -71,6 +85,10 @@ tls_configure_server(struct tls *ctx)
                        goto err;
        }
+        if (ctx->config->alpn != NULL)
+                SSL_CTX_set_alpn_select_cb(ctx->ssl_ctx, tls_server_alpn_cb,
+                    ctx);
        if (ctx->config->dheparams == -1)
                SSL_CTX_set_dh_auto(ctx->ssl_ctx, 1);
        else if (ctx->config->dheparams == 1024)

diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c index bba15aae7e..690af32eaf 100644 --- a/src/lib/libtls/tls_server.c +++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_server.c,v 1.21 2016/08/02 07:47:11 jsing Exp $ */	1	/* $OpenBSD: tls_server.c,v 1.22 2016/08/12 15:10:59 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -48,6 +48,20 @@ tls_server_conn(struct tls *ctx)
48	return (conn_ctx);	48	return (conn_ctx);
49	}	49	}
50		50
		51	static int
		52	tls_server_alpn_cb(SSL ssl, const unsigned char out, unsigned char outlen,
		53	const unsigned char in, unsigned int inlen, void arg)
		54	{
		55	struct tls *ctx = arg;
		56
		57	if (SSL_select_next_proto((unsigned char**)out, outlen,
		58	ctx->config->alpn, ctx->config->alpn_len, in, inlen) ==
		59	OPENSSL_NPN_NEGOTIATED)
		60	return (SSL_TLSEXT_ERR_OK);
		61
		62	return (SSL_TLSEXT_ERR_NOACK);
		63	}
		64
51	int	65	int
52	tls_configure_server(struct tls *ctx)	66	tls_configure_server(struct tls *ctx)
53	{	67	{
@@ -71,6 +85,10 @@ tls_configure_server(struct tls *ctx)
71	goto err;	85	goto err;
72	}	86	}
73		87
		88	if (ctx->config->alpn != NULL)
		89	SSL_CTX_set_alpn_select_cb(ctx->ssl_ctx, tls_server_alpn_cb,
		90	ctx);
		91
74	if (ctx->config->dheparams == -1)	92	if (ctx->config->dheparams == -1)
75	SSL_CTX_set_dh_auto(ctx->ssl_ctx, 1);	93	SSL_CTX_set_dh_auto(ctx->ssl_ctx, 1);
76	else if (ctx->config->dheparams == 1024)	94	else if (ctx->config->dheparams == 1024)