From b75dcc327d73d0f5f00f1367a7d98e3979ddbd9f Mon Sep 17 00:00:00 2001 From: jsing <> Date: Mon, 1 Aug 2016 17:32:19 +0000 Subject: Add ALPN support to libtls. ok beck@ doug@ --- src/lib/libtls/tls_conninfo.c | 35 ++++++++++++++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) (limited to 'src/lib/libtls/tls_conninfo.c') diff --git a/src/lib/libtls/tls_conninfo.c b/src/lib/libtls/tls_conninfo.c index 1e134bfe59..93526fceeb 100644 --- a/src/lib/libtls/tls_conninfo.c +++ b/src/lib/libtls/tls_conninfo.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_conninfo.c,v 1.5 2015/10/07 23:33:38 beck Exp $ */ +/* $OpenBSD: tls_conninfo.c,v 1.6 2016/08/01 17:32:19 jsing Exp $ */ /* * Copyright (c) 2015 Joel Sing * Copyright (c) 2015 Bob Beck @@ -150,6 +150,26 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore, time_t *notafter) return (rv); } +static int +tls_conninfo_alpn_proto(struct tls *ctx) +{ + const unsigned char *p; + unsigned int len; + + free(ctx->conninfo->alpn); + ctx->conninfo->alpn = NULL; + + SSL_get0_alpn_selected(ctx->ssl_conn, &p, &len); + if (len > 0) { + if ((ctx->conninfo->alpn = malloc(len + 1)) == NULL) + return (-1); + memcpy(ctx->conninfo->alpn, p, len); + ctx->conninfo->alpn[len] = '\0'; + } + + return (0); +} + int tls_get_conninfo(struct tls *ctx) { const char * tmp; @@ -175,6 +195,9 @@ tls_get_conninfo(struct tls *ctx) { ctx->conninfo->cipher = strdup(tmp); if (ctx->conninfo->cipher == NULL) goto err; + if (tls_conninfo_alpn_proto(ctx) == -1) + goto err; + return (0); err: tls_free_conninfo(ctx->conninfo); @@ -184,6 +207,8 @@ err: void tls_free_conninfo(struct tls_conninfo *conninfo) { if (conninfo != NULL) { + free(conninfo->alpn); + conninfo->alpn = NULL; free(conninfo->hash); conninfo->hash = NULL; free(conninfo->subject); @@ -197,6 +222,14 @@ tls_free_conninfo(struct tls_conninfo *conninfo) { } } +const char * +tls_conn_alpn_selected(struct tls *ctx) +{ + if (ctx->conninfo == NULL) + return (NULL); + return (ctx->conninfo->alpn); +} + const char * tls_conn_cipher(struct tls *ctx) { -- cgit v1.2.3-55-g6feb