From: Olivier Houchard <ohouchard@haproxy.com>
Date: Fri, 21 Dec 2018 18:45:40 +0000 (+0100)
Subject: MINOR: ssl: Add ssl_sock_set_alpn().
X-Git-Tag: v2.0-dev0~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ab28a320aa39324a588a1279f122291a340c92ce;p=thirdparty%2Fhaproxy.git

MINOR: ssl: Add ssl_sock_set_alpn().

Add a new function, ssl_sock_set_alpn(), to be able to change the ALPN
for a connection, instead of relying of the one defined in the SSL_CTX.
---

diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h
index f04317ae9b..ce66cdfa1c 100644
--- a/include/proto/ssl_sock.h
+++ b/include/proto/ssl_sock.h
@@ -54,7 +54,9 @@ const char *ssl_sock_get_sni(struct connection *conn);
 const char *ssl_sock_get_cert_sig(struct connection *conn);
 const char *ssl_sock_get_cipher_name(struct connection *conn);
 const char *ssl_sock_get_proto_version(struct connection *conn);
+void ssl_sock_set_alpn(struct connection *conn, const unsigned char *, int);
 void ssl_sock_set_servername(struct connection *conn, const char *hostname);
+
 int ssl_sock_get_cert_used_sess(struct connection *conn);
 int ssl_sock_get_cert_used_conn(struct connection *conn);
 int ssl_sock_get_remote_common_name(struct connection *conn,
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index b6db4c575d..d45e3e27be 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6102,6 +6102,13 @@ ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
 	return 1;
 }
 
+void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
+{
+#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+	SSL_set_alpn_protos(conn->xprt_ctx, alpn, len);
+#endif
+}
+
 /* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
  * to disable SNI.
  */