vtls: provide a unified APLN-disagree string for all backends

Also rephrase to make it sound less dangerous:

 "ALPN: server did not agree on a protocol. Uses default."

Reported-by: Nick Coghlan
Fixes #8643
Closes #8651

diff --git a/lib/vtls/bearssl.c b/lib/vtls/bearssl.c
index fa1ba34dd5dbef7bfc840a400dcc8615340e5ea1..58b8722942a5dbc39c1c1148ea4278492a9a5138 100644 (file)
--- a/lib/vtls/bearssl.c
+++ b/lib/vtls/bearssl.c
@@ -884,7 +884,7 @@ static CURLcode bearssl_connect_step3(struct Curl_easy *data,
                           BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
     }
     else
-      infof(data, "ALPN, server did not agree to a protocol");
+      infof(data, VTLS_INFOF_NO_ALPN);
   }
 
   if(SSL_SET_OPTION(primary.sessionid)) {

diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index bc8ef68ec2c6f750503e2080459f5bcf3650df6c..5e60ec4d2196195b893f438f2b574c561e9c7a45 100644 (file)
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -1280,7 +1280,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data,
       }
     }
     else
-      infof(data, "ALPN, server did not agree to a protocol");
+      infof(data, VTLS_INFOF_NO_ALPN);
 
     Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
                         BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);

diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index b9fd26accaf58b26bbc1c57a51ad0f67f1db2148..b61dc50fe1210ab27b03585e78a658a76799642e 100644 (file)
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -828,7 +828,7 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn,
         }
     }
     else {
-      infof(data, "ALPN, server did not agree to a protocol");
+      infof(data, VTLS_INFOF_NO_ALPN);
     }
     Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
                         BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);

diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 558e3bed39f4fe8f330e3c2d042ad67395e4c743..5501b0845d889a1fbc7379bc4b210e7b7dd38358 100644 (file)
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -862,7 +862,7 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg)
 #endif
     case SSL_NEXT_PROTO_NO_SUPPORT:
     case SSL_NEXT_PROTO_NO_OVERLAP:
-      infof(data, "ALPN/NPN, server did not agree to a protocol");
+      infof(data, VTLS_INFOF_NO_ALPN);
       return;
 #ifdef SSL_ENABLE_ALPN
     case SSL_NEXT_PROTO_SELECTED:

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 1c309905a09612f74dac43915898aab33ed26ca5..2e07fad066ee82e6416030244892edb2f418634e 100644 (file)
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3472,7 +3472,7 @@ static CURLcode ossl_connect_step2(struct Curl_easy *data,
         }
       }
       else
-        infof(data, "ALPN, server did not agree to a protocol");
+        infof(data, VTLS_INFOF_NO_ALPN);
 
       Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
                           BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);

diff --git a/lib/vtls/rustls.c b/lib/vtls/rustls.c
index 0e651aed9dbc4ea5bd19a648498ee7dc7b18f62d..4ec972869367acab0696cd9fb00bf0355ccb3f81 100644 (file)
--- a/lib/vtls/rustls.c
+++ b/lib/vtls/rustls.c
@@ -406,7 +406,7 @@ cr_set_negotiated_alpn(struct Curl_easy *data, struct connectdata *conn,
 
   rustls_connection_get_alpn_protocol(rconn, &protocol, &len);
   if(!protocol) {
-    infof(data, "ALPN, server did not agree to a protocol");
+    infof(data, VTLS_INFOF_NO_ALPN);
     return;
   }
 

diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index 04c8f3b6cf9dfeafef9916a75a973faa9f450668..2d641038f6fa3453b6375e1db8134df39043a32d 100644 (file)
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -1433,7 +1433,7 @@ schannel_connect_step3(struct Curl_easy *data, struct connectdata *conn,
         }
     }
     else
-      infof(data, "ALPN, server did not agree to a protocol");
+      infof(data, VTLS_INFOF_NO_ALPN);
     Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
                         BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
   }

diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c
index ca20b521210c897be774083782f84a293fb14f2e..8c098700f69f5b49ccdd9d286343092af899bb5a 100644 (file)
--- a/lib/vtls/sectransp.c
+++ b/lib/vtls/sectransp.c
@@ -2853,7 +2853,7 @@ sectransp_connect_step2(struct Curl_easy *data, struct connectdata *conn,
           conn->negnpn = CURL_HTTP_VERSION_1_1;
         }
         else
-          infof(data, "ALPN, server did not agree to a protocol");
+          infof(data, VTLS_INFOF_NO_ALPN);
 
         Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
                             BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);

diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h
index af3b8d3c94fc135fc435787b2c52b5e601cb8138..2853a06f0dee7fbd801ae1f8749f43a23aa993f8 100644 (file)
--- a/lib/vtls/vtls.h
+++ b/lib/vtls/vtls.h
@@ -34,6 +34,9 @@ struct ssl_connect_data;
 #define SSLSUPP_TLS13_CIPHERSUITES (1<<5) /* supports TLS 1.3 ciphersuites */
 #define SSLSUPP_CAINFO_BLOB  (1<<6)
 
+#define VTLS_INFOF_NO_ALPN                                      \
+  "ALPN: server did not agree on a protocol. Uses default."
+
 struct Curl_ssl {
   /*
    * This *must* be the first entry to allow returning the list of available

diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
index 09ec739c00a953ae5d940e8732243273119e872b..36d517721040f13287c0163131444db84bd38340 100644 (file)
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -776,7 +776,7 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn,
                           BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
     }
     else if(rc == SSL_ALPN_NOT_FOUND)
-      infof(data, "ALPN, server did not agree to a protocol");
+      infof(data, VTLS_INFOF_NO_ALPN);
     else {
       failf(data, "ALPN, failure getting protocol, error %d", rc);
       return CURLE_SSL_CONNECT_ERROR;