commit aa2ecea6f711f50192476b26a5b1d767108bd761
Author: Olivier Houchard <ohouchard@haproxy.com>
Date:   Fri Jun 28 14:10:33 2019 +0200

    BUG/MEDIUM: ssl: Don't attempt to set alpn if we're not using SSL.
    
    Checks use ssl_sock_set_alpn() to set the ALPN if check-alpn is used, however
    check-alpn failed to check if the connection was indeed using SSL, and thus,
    would crash if check-alpn was used on a non-SSL connection. Fix this by
    making sure the connection uses SSL before attempting to set the ALPN.
    
    This should be backported to 2.0 and 1.9.
    
    (cherry picked from commit e488ea865a433d93efcb14c0c602918070c6b208)
    Signed-off-by: Willy Tarreau <w@1wt.eu>

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 05240063..c9fffbec 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6411,6 +6411,9 @@ void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int l
 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
 	struct ssl_sock_ctx *ctx = conn->xprt_ctx;
 
+	if (!ssl_sock_is_ssl(conn))
+		return;
+
 	SSL_set_alpn_protos(ctx->ssl, alpn, len);
 #endif
 }