From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Thu, 30 Jan 2025 11:57:08 +0000 (+0200)
Subject: lib-ssl-iostream: Set context application protocols only once
X-Git-Tag: 2.4.1~223
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f664415116872b13cb7d50cc0844b263809e54da;p=thirdparty%2Fdovecot%2Fcore.git

lib-ssl-iostream: Set context application protocols only once
---

diff --git a/src/lib-ssl-iostream/iostream-openssl-context.c b/src/lib-ssl-iostream/iostream-openssl-context.c
index e6d47e8a2e..a6e0ef5296 100644
--- a/src/lib-ssl-iostream/iostream-openssl-context.c
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c
@@ -758,7 +758,7 @@ ssl_iostream_context_set(struct ssl_iostream_context *ctx,
 		SSL_CTX_set_alpn_select_cb(ctx->ssl_ctx, openssl_iostream_alpn_select, ctx);
 #endif
 	}
-	if (set->application_protocols != NULL) {
+	if (ctx->protos == NULL && set->application_protocols != NULL) {
 		openssl_iostream_context_set_application_protocols(ctx,
 			set->application_protocols);
 	}
@@ -787,6 +787,7 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
 void openssl_iostream_context_set_application_protocols(struct ssl_iostream_context *ctx,
 							const char *const *names)
 {
+	i_assert(ctx->protos == NULL);
 	i_assert(names != NULL);
 	ARRAY(struct ssl_alpn_protocol) protos;
 	p_array_init(&protos, ctx->pool, str_array_length(names) + 1);