You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30 lines
1.1 KiB
30 lines
1.1 KiB
commit aa2ecea6f711f50192476b26a5b1d767108bd761
|
|
Author: Olivier Houchard <ohouchard@haproxy.com>
|
|
Date: Fri Jun 28 14:10:33 2019 +0200
|
|
|
|
BUG/MEDIUM: ssl: Don't attempt to set alpn if we're not using SSL.
|
|
|
|
Checks use ssl_sock_set_alpn() to set the ALPN if check-alpn is used, however
|
|
check-alpn failed to check if the connection was indeed using SSL, and thus,
|
|
would crash if check-alpn was used on a non-SSL connection. Fix this by
|
|
making sure the connection uses SSL before attempting to set the ALPN.
|
|
|
|
This should be backported to 2.0 and 1.9.
|
|
|
|
(cherry picked from commit e488ea865a433d93efcb14c0c602918070c6b208)
|
|
Signed-off-by: Willy Tarreau <w@1wt.eu>
|
|
|
|
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
|
|
index 05240063..c9fffbec 100644
|
|
--- a/src/ssl_sock.c
|
|
+++ b/src/ssl_sock.c
|
|
@@ -6411,6 +6411,9 @@ void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int l
|
|
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
|
|
struct ssl_sock_ctx *ctx = conn->xprt_ctx;
|
|
|
|
+ if (!ssl_sock_is_ssl(conn))
|
|
+ return;
|
|
+
|
|
SSL_set_alpn_protos(ctx->ssl, alpn, len);
|
|
#endif
|
|
}
|