upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-06-09 08:51:28 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

BUG/MEDIUM: ssl: Don't attempt to set alpn if we're not using SSL.

Browse source 
Checks use ssl_sock_set_alpn() to set the ALPN if check-alpn is used, however
check-alpn failed to check if the connection was indeed using SSL, and thus,
would crash if check-alpn was used on a non-SSL connection. Fix this by
making sure the connection uses SSL before attempting to set the ALPN.

This should be backported to 2.0 and 1.9.
This commit is contained in:
Olivier Houchard 2019-06-28 14:10:33 +02:00 committed by Olivier Houchard
parent d87d3fab25
commit e488ea865a
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/ssl_sock.c
View file

@ -6411,6 +6411,9 @@ void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int l
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
struct ssl_sock_ctx *ctx = conn->xprt_ctx;
if (!ssl_sock_is_ssl(conn))
return;
SSL_set_alpn_protos(ctx->ssl, alpn, len);
#endif
}