From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 18 Mar 2015 18:38:32 +0000 (+0100)
Subject: nss: explicitly tell NSS to disable NPN/ALPN
X-Git-Tag: curl-7_42_0~134
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e3fbdc7c8aef694bad55ec2f294cb2238f689984;p=thirdparty%2Fcurl.git

nss: explicitly tell NSS to disable NPN/ALPN

... if disabled at libcurl level.  Otherwise, we would allow to
negotiate NPN despite curl was invoked with the --no-npn option.
---

diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index ee22e9db37..841d6b75d4 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1641,18 +1641,15 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
 #endif
 
 #ifdef SSL_ENABLE_NPN
-  if(data->set.ssl_enable_npn) {
-    if(SSL_OptionSet(connssl->handle, SSL_ENABLE_NPN, PR_TRUE) != SECSuccess)
-      goto error;
-  }
+  if(SSL_OptionSet(connssl->handle, SSL_ENABLE_NPN, data->set.ssl_enable_npn
+        ? PR_TRUE : PR_FALSE) != SECSuccess)
+    goto error;
 #endif
 
 #ifdef SSL_ENABLE_ALPN
-  if(data->set.ssl_enable_alpn) {
-    if(SSL_OptionSet(connssl->handle, SSL_ENABLE_ALPN, PR_TRUE)
-        != SECSuccess)
-      goto error;
-  }
+  if(SSL_OptionSet(connssl->handle, SSL_ENABLE_ALPN, data->set.ssl_enable_alpn
+        ? PR_TRUE : PR_FALSE) != SECSuccess)
+    goto error;
 #endif
 
 #if defined(SSL_ENABLE_NPN) || defined(SSL_ENABLE_ALPN)