tcpiohandler: Use server preference algoritm for ALPN selection

author Doug Freed <dwfreed@mtu.edu>

Sun, 3 Mar 2024 09:24:34 +0000 (09:24 +0000)

committer Doug Freed <dwfreed@mtu.edu>

Sun, 3 Mar 2024 09:42:11 +0000 (09:42 +0000)
author Doug Freed <dwfreed@mtu.edu>
Sun, 3 Mar 2024 09:24:34 +0000 (09:24 +0000)
committer Doug Freed <dwfreed@mtu.edu>
Sun, 3 Mar 2024 09:42:11 +0000 (09:42 +0000)
diff --git a/pdns/tcpiohandler.cc b/pdns/tcpiohandler.cc

index 841d9e3217e314f487ca8312862b59b9c80f310e..77eeedeaa817c2ab00a49611c69519609c4cd5c7 100644 (file)
--- a/pdns/tcpiohandler.cc
+++ b/pdns/tcpiohandler.cc
@@ -878,23 +878,24 @@ private:
      }
      OpenSSLTLSIOCtx* obj = reinterpret_cast<OpenSSLTLSIOCtx*>(arg);
  
-    size_t pos = 0;
-    while (pos < inlen) {
-      size_t protoLen = in[pos];
-      pos++;
-      if (protoLen > (inlen - pos)) {
-        /* something is very wrong */
-        return SSL_TLSEXT_ERR_ALERT_WARNING;
-      }
+    // Server preference algorithm as per RFC 7301 section 3.2
+    for (const auto& tentative : obj->d_alpnProtos) {
+      size_t pos = 0;
+      while (pos < inlen) {
+        size_t protoLen = in[pos];
+        pos++;
+        if (protoLen > (inlen - pos)) {
+          /* something is very wrong */
+          return SSL_TLSEXT_ERR_ALERT_WARNING;
+        }
  
-      for (const auto& tentative : obj->d_alpnProtos) {
          if (tentative.size() == protoLen && memcmp(in + pos, tentative.data(), tentative.size()) == 0) {
            *out = in + pos;
            *outlen = protoLen;
            return SSL_TLSEXT_ERR_OK;
          }
+        pos += protoLen;
        }
-      pos += protoLen;
      }
  
      return SSL_TLSEXT_ERR_NOACK;
author	Doug Freed <dwfreed@mtu.edu>
	Sun, 3 Mar 2024 09:24:34 +0000 (09:24 +0000)
committer	Doug Freed <dwfreed@mtu.edu>
	Sun, 3 Mar 2024 09:42:11 +0000 (09:42 +0000)