luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

NPN: remove support for and use of

Browse Source 
Next Protocol Negotiation is a TLS extension that was created and used
for agreeing to use the SPDY protocol (the precursor to HTTP/2) for
HTTPS. In the early days of HTTP/2, before the spec was finalized and
shipped, the protocol could be enabled using this extension with some
servers.

curl supports the NPN extension with some TLS backends since then, with
a command line option `--npn` and in libcurl with
`CURLOPT_SSL_ENABLE_NPN`.

HTTP/2 proper is made to use the ALPN (Application-Layer Protocol
Negotiation) extension and the NPN extension has no purposes
anymore. The HTTP/2 spec was published in May 2015.

Today, use of NPN in the wild should be extremely rare and most likely
totally extinct. Chrome removed NPN support in Chrome 51, shipped in
June 2016. Removed in Firefox 53, April 2017.

Closes #9307
This commit is contained in:
Daniel Stenberg 2022-09-01 09:23:22 +02:00
parent e08c82f046
commit 472f1cbe7e
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
22 changed files with 55 additions and 177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
docs/DEPRECATE.md
View File

@ -19,28 +19,9 @@ We remove support for building curl with the NSS TLS library in August 2023.
Starting in 7.82.0, building curl to use NSS configure requires the additional
flag --with-nss-deprecated in an attempt to highlight these plans.
## NPN
We make selecting NPN a no-op starting in August 2022.
**Next Protocol Negotiation** is a TLS extension that was created and used for
agreeing to use the SPDY protocol (the precursor to HTTP/2) for HTTPS. In the
early days of HTTP/2, before the spec was finalized and shipped, the protocol
could be enabled using this extension with some servers.
curl supports the NPN extension with some TLS backends since then, with a
command line option `--npn` and in libcurl with `CURLOPT_SSL_ENABLE_NPN`.
HTTP/2 proper is made to use the ALPN (Application-Layer Protocol Negotiation)
extension and the NPN extension has no purposes anymore. The HTTP/2 spec was
published in May 2015.
Today, use of NPN in the wild should be extremely rare and most likely totally
extinct. Chrome removed NPN support in Chrome 51, shipped in
June 2016. Removed in Firefox 53, April 2017.
## past removals
- Pipelining
- axTLS
- PolarSSL
- NPN

29
docs/HTTP2.md
View File

@ -35,35 +35,16 @@ Over an https:// URL
--------------------
If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl will use
ALPN (or NPN) to negotiate which protocol to continue with. Possibly introduce
an option that will cause libcurl to fail if not possible to use HTTP/2.
ALPN to negotiate which protocol to continue with. Possibly introduce an
option that will cause libcurl to fail if not possible to use HTTP/2.
`CURL_HTTP_VERSION_2TLS` was added in 7.47.0 as a way to ask libcurl to prefer
HTTP/2 for HTTPS but stick to 1.1 by default for plain old HTTP connections.
ALPN is the TLS extension that HTTP/2 is expected to use. The NPN extension is
for a similar purpose, was made prior to ALPN and is used for SPDY so early
HTTP/2 servers are implemented using NPN before ALPN support is widespread.
ALPN is the TLS extension that HTTP/2 is expected to use.
`CURLOPT_SSL_ENABLE_ALPN` and `CURLOPT_SSL_ENABLE_NPN` are offered to allow
applications to explicitly disable ALPN or NPN.
SSL libs
--------
The challenge is the ALPN and NPN support and all our different SSL
backends. You may need a fairly updated SSL library version for it to provide
the necessary TLS features. Right now we support:
- OpenSSL: ALPN and NPN
- libressl: ALPN and NPN
- BoringSSL: ALPN and NPN
- NSS: ALPN and NPN
- GnuTLS: ALPN
- mbedTLS: ALPN
- Schannel: ALPN
- wolfSSL: ALPN
- Secure Transport: ALPN
`CURLOPT_SSL_ENABLE_ALPN` is offered to allow applications to explicitly
disable ALPN.
Multiplexing
------------

2
docs/cmdline-opts/no-npn.d
View File

@ -11,6 +11,8 @@ Help: Disable the NPN TLS extension
Category: tls http
Example: --no-npn $URL
---
In curl 7.86.0 and later, curl never uses NPN.
Disable the NPN TLS extension. NPN is enabled by default if libcurl was built
with an SSL library that supports NPN. NPN is used by a libcurl that supports
HTTP/2 to negotiate HTTP/2 support with the server during https sessions.

4
docs/libcurl/opts/CURLOPT_SSL_ENABLE_NPN.3
View File

@ -32,6 +32,8 @@ CURLOPT_SSL_ENABLE_NPN \- use NPN
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_ENABLE_NPN, long npn);
.fi
.SH DESCRIPTION
Deprecated in 7.86.0. Setting this option has no function.
Pass a long as parameter, 0 or 1 where 1 is for enable and 0 for disable. This
option enables/disables NPN in the SSL handshake (if the SSL backend libcurl
is built to use supports it), which can be used to negotiate http2.
@ -50,7 +52,7 @@ if(curl) {
}
.fi
.SH AVAILABILITY
Added in 7.36.0
Added in 7.36.0. Deprecated in 7.86.0.
.SH RETURN VALUE
Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
.SH "SEE ALSO"

2
docs/libcurl/symbols-in-versions
View File

@ -814,7 +814,7 @@ CURLOPT_SSL_CTX_DATA 7.10.6
CURLOPT_SSL_CTX_FUNCTION 7.10.6
CURLOPT_SSL_EC_CURVES 7.73.0
CURLOPT_SSL_ENABLE_ALPN 7.36.0
CURLOPT_SSL_ENABLE_NPN 7.36.0
CURLOPT_SSL_ENABLE_NPN 7.36.0 7.86.0
CURLOPT_SSL_FALSESTART 7.42.0
CURLOPT_SSL_OPTIONS 7.25.0
CURLOPT_SSL_SESSIONID_CACHE 7.16.0

2
lib/c-hyper.c
View File

@ -918,7 +918,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
result = CURLE_OUT_OF_MEMORY;
goto error;
}
if(conn->negnpn == CURL_HTTP_VERSION_2) {
if(conn->alpn == CURL_HTTP_VERSION_2) {
hyper_clientconn_options_http2(options, 1);
h2 = TRUE;
}

4
lib/http.c
View File

@ -166,7 +166,7 @@ const struct Curl_handler Curl_handler_https = {
PORT_HTTPS, /* defport */
CURLPROTO_HTTPS, /* protocol */
CURLPROTO_HTTP, /* family */
PROTOPT_SSL | PROTOPT_CREDSPERREQUEST | PROTOPT_ALPN_NPN | /* flags */
PROTOPT_SSL | PROTOPT_CREDSPERREQUEST | PROTOPT_ALPN | /* flags */
PROTOPT_USERPWDCTRL
};
#endif
@ -3044,7 +3044,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
if(conn->transport != TRNSPRT_QUIC) {
if(conn->httpversion < 20) { /* unless the connection is re-used and
already http2 */
switch(conn->negnpn) {
switch(conn->alpn) {
case CURL_HTTP_VERSION_2:
conn->httpversion = 20; /* we know we're on HTTP/2 now */

1
lib/setopt.c
View File

@ -2952,7 +2952,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
#endif
break;
case CURLOPT_SSL_ENABLE_NPN:
data->set.ssl_enable_npn = (0 != va_arg(param, long)) ? TRUE : FALSE;
break;
case CURLOPT_SSL_ENABLE_ALPN:
data->set.ssl_enable_alpn = (0 != va_arg(param, long)) ? TRUE : FALSE;

5
lib/url.c
View File

@ -623,7 +623,6 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
set->tcp_keepidle = 60;
set->tcp_fastopen = FALSE;
set->tcp_nodelay = TRUE;
set->ssl_enable_npn = TRUE;
set->ssl_enable_alpn = TRUE;
set->expect_100_timeout = 1000L; /* Wait for a second by default. */
set->sep_headers = TRUE; /* separated header lists by default */
@ -4027,13 +4026,11 @@ static CURLcode create_conn(struct Curl_easy *data,
be able to do that if we have reached the limit of how many
connections we are allowed to open. */
if(conn->handler->flags & PROTOPT_ALPN_NPN) {
if(conn->handler->flags & PROTOPT_ALPN) {
/* The protocol wants it, so set the bits if enabled in the easy handle
(default) */
if(data->set.ssl_enable_alpn)
conn->bits.tls_enable_alpn = TRUE;
if(data->set.ssl_enable_npn)
conn->bits.tls_enable_npn = TRUE;
}
if(waitpipe)

8
lib/urldata.h
View File

@ -507,7 +507,6 @@ struct ConnectBits {
connection */
BIT(multiplex); /* connection is multiplexed */
BIT(tcp_fastopen); /* use TCP Fast Open */
BIT(tls_enable_npn); /* TLS NPN extension? */
BIT(tls_enable_alpn); /* TLS ALPN extension? */
BIT(connect_only);
#ifndef CURL_DISABLE_DOH
@ -803,7 +802,7 @@ struct Curl_handler {
url query strings (?foo=bar) ! */
#define PROTOPT_CREDSPERREQUEST (1<<7) /* requires login credentials per
request instead of per connection */
#define PROTOPT_ALPN_NPN (1<<8) /* set ALPN and/or NPN for this */
#define PROTOPT_ALPN (1<<8) /* set ALPN for this */
#define PROTOPT_STREAM (1<<9) /* a protocol with individual logical streams */
#define PROTOPT_URLOPTIONS (1<<10) /* allow options part in the userinfo field
of the URL */
@ -1118,8 +1117,8 @@ struct connectdata {
unsigned short localport;
unsigned short secondary_port; /* secondary socket remote port to connect to
(ftp) */
unsigned char negnpn; /* APLN or NPN TLS negotiated protocol,
a CURL_HTTP_VERSION* value */
unsigned char alpn; /* APLN TLS negotiated protocol, a CURL_HTTP_VERSION*
value */
unsigned char transport; /* one of the TRNSPRT_* defines */
unsigned char ip_version; /* copied from the Curl_easy at creation time */
unsigned char httpversion; /* the HTTP version*10 reported by the server */
@ -1875,7 +1874,6 @@ struct UserDefined {
BIT(sasl_ir); /* Enable/disable SASL initial response */
BIT(tcp_keepalive); /* use TCP keepalives */
BIT(tcp_fastopen); /* use TCP Fast Open */
BIT(ssl_enable_npn); /* TLS NPN extension? */
BIT(ssl_enable_alpn);/* TLS ALPN extension? */
BIT(path_as_is); /* allow dotdots? */
BIT(pipewait); /* wait for multiplex status before starting a new

6
lib/vtls/bearssl.c
View File

@ -875,14 +875,14 @@ static CURLcode bearssl_connect_step3(struct Curl_easy *data,
#ifdef USE_HTTP2
if(!strcmp(protocol, ALPN_H2))
conn->negnpn = CURL_HTTP_VERSION_2;
conn->alpn = CURL_HTTP_VERSION_2;
else
#endif
if(!strcmp(protocol, ALPN_HTTP_1_1))
conn->negnpn = CURL_HTTP_VERSION_1_1;
conn->alpn = CURL_HTTP_VERSION_1_1;
else
infof(data, "ALPN, unrecognized protocol %s", protocol);
Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
Curl_multiuse_state(data, conn->alpn == CURL_HTTP_VERSION_2 ?
BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
}
else

6
lib/vtls/gtls.c
View File

@ -1274,19 +1274,19 @@ Curl_gtls_verifyserver(struct Curl_easy *data,
if(proto.size == ALPN_H2_LENGTH &&
!memcmp(ALPN_H2, proto.data,
ALPN_H2_LENGTH)) {
conn->negnpn = CURL_HTTP_VERSION_2;
conn->alpn = CURL_HTTP_VERSION_2;
}
else
#endif
if(proto.size == ALPN_HTTP_1_1_LENGTH &&
!memcmp(ALPN_HTTP_1_1, proto.data, ALPN_HTTP_1_1_LENGTH)) {
conn->negnpn = CURL_HTTP_VERSION_1_1;
conn->alpn = CURL_HTTP_VERSION_1_1;
}
}
else
infof(data, VTLS_INFOF_NO_ALPN);
Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
Curl_multiuse_state(data, conn->alpn == CURL_HTTP_VERSION_2 ?
BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
}

6
lib/vtls/mbedtls.c
View File

@ -821,19 +821,19 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn,
#ifdef USE_HTTP2
if(!strncmp(next_protocol, ALPN_H2, ALPN_H2_LENGTH) &&
!next_protocol[ALPN_H2_LENGTH]) {
conn->negnpn = CURL_HTTP_VERSION_2;
conn->alpn = CURL_HTTP_VERSION_2;
}
else
#endif
if(!strncmp(next_protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH) &&
!next_protocol[ALPN_HTTP_1_1_LENGTH]) {
conn->negnpn = CURL_HTTP_VERSION_1_1;
conn->alpn = CURL_HTTP_VERSION_1_1;
}
}
else {
infof(data, VTLS_INFOF_NO_ALPN);
}
Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
Curl_multiuse_state(data, conn->alpn == CURL_HTTP_VERSION_2 ?
BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
}
#endif

28
lib/vtls/nss.c
View File

@ -850,7 +850,7 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg)
unsigned int buflen;
SSLNextProtoState state;
if(!conn->bits.tls_enable_npn && !conn->bits.tls_enable_alpn) {
if(!conn->bits.tls_enable_alpn) {
return;
}
@ -871,21 +871,21 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg)
infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR, buflen, buf);
break;
#endif
case SSL_NEXT_PROTO_NEGOTIATED:
infof(data, "NPN, server accepted to use %.*s", buflen, buf);
default:
/* ignore SSL_NEXT_PROTO_NEGOTIATED */
break;
}
#ifdef USE_HTTP2
if(buflen == ALPN_H2_LENGTH &&
!memcmp(ALPN_H2, buf, ALPN_H2_LENGTH)) {
conn->negnpn = CURL_HTTP_VERSION_2;
conn->alpn = CURL_HTTP_VERSION_2;
}
else
#endif
if(buflen == ALPN_HTTP_1_1_LENGTH &&
!memcmp(ALPN_HTTP_1_1, buf, ALPN_HTTP_1_1_LENGTH)) {
conn->negnpn = CURL_HTTP_VERSION_1_1;
conn->alpn = CURL_HTTP_VERSION_1_1;
}
/* This callback might get called when PR_Recv() is used within
@ -893,7 +893,7 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg)
* be any "bundle" associated with the connection anymore.
*/
if(conn->bundle)
Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
Curl_multiuse_state(data, conn->alpn == CURL_HTTP_VERSION_2 ?
BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
}
}
@ -936,8 +936,8 @@ static SECStatus CanFalseStartCallback(PRFileDesc *sock, void *client_data,
if(cipherInfo.symCipher != ssl_calg_aes_gcm)
goto end;
/* Enforce ALPN or NPN to do False Start, as an indicator of server
* compatibility. */
/* Enforce ALPN to do False Start, as an indicator of server
compatibility. */
rv = SSL_HandshakeNegotiatedExtension(sock, ssl_app_layer_protocol_xtn,
&negotiatedExtension);
if(rv != SECSuccess || !negotiatedExtension) {
@ -2136,12 +2136,6 @@ static CURLcode nss_setup_connect(struct Curl_easy *data,
}
#endif
#ifdef SSL_ENABLE_NPN
if(SSL_OptionSet(backend->handle, SSL_ENABLE_NPN, conn->bits.tls_enable_npn
? PR_TRUE : PR_FALSE) != SECSuccess)
goto error;
#endif
#ifdef SSL_ENABLE_ALPN
if(SSL_OptionSet(backend->handle, SSL_ENABLE_ALPN, conn->bits.tls_enable_alpn
? PR_TRUE : PR_FALSE) != SECSuccess)
@ -2160,15 +2154,15 @@ static CURLcode nss_setup_connect(struct Curl_easy *data,
}
#endif
#if defined(SSL_ENABLE_NPN) || defined(SSL_ENABLE_ALPN)
if(conn->bits.tls_enable_npn || conn->bits.tls_enable_alpn) {
#if defined(SSL_ENABLE_ALPN)
if(conn->bits.tls_enable_alpn) {
int cur = 0;
unsigned char protocols[128];
#ifdef USE_HTTP2
if(data->state.httpwant >= CURL_HTTP_VERSION_2
#ifndef CURL_DISABLE_PROXY
&& (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
&& (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
#endif
) {
protocols[cur++] = ALPN_H2_LENGTH;

77
lib/vtls/openssl.c
View File

@ -2254,72 +2254,6 @@ static void ossl_trace(int direction, int ssl_ver, int content_type,
# define HAS_ALPN 1
#endif
/* Check for OpenSSL 1.0.1 which has NPN support. */
#undef HAS_NPN
#if OPENSSL_VERSION_NUMBER >= 0x10001000L \
&& !defined(OPENSSL_NO_TLSEXT) \
&& !defined(OPENSSL_NO_NEXTPROTONEG)
# define HAS_NPN 1
#endif
#ifdef HAS_NPN
/*
* in is a list of length prefixed strings. this function has to select
* the protocol we want to use from the list and write its string into out.
*/
static int
select_next_protocol(unsigned char **out, unsigned char *outlen,
const unsigned char *in, unsigned int inlen,
const char *key, unsigned int keylen)
{
unsigned int i;
for(i = 0; i + keylen <= inlen; i += in[i] + 1) {
if(memcmp(&in[i + 1], key, keylen) == 0) {
*out = (unsigned char *) &in[i + 1];
*outlen = in[i];
return 0;
}
}
return -1;
}
static int
select_next_proto_cb(SSL *ssl,
unsigned char **out, unsigned char *outlen,
const unsigned char *in, unsigned int inlen,
void *arg)
{
struct Curl_easy *data = (struct Curl_easy *)arg;
struct connectdata *conn = data->conn;
(void)ssl;
#ifdef USE_HTTP2
if(data->state.httpwant >= CURL_HTTP_VERSION_2 &&
!select_next_protocol(out, outlen, in, inlen, ALPN_H2, ALPN_H2_LENGTH)) {
infof(data, "NPN, negotiated HTTP2 (%s)", ALPN_H2);
conn->negnpn = CURL_HTTP_VERSION_2;
return SSL_TLSEXT_ERR_OK;
}
#endif
if(!select_next_protocol(out, outlen, in, inlen, ALPN_HTTP_1_1,
ALPN_HTTP_1_1_LENGTH)) {
infof(data, "NPN, negotiated HTTP1.1");
conn->negnpn = CURL_HTTP_VERSION_1_1;
return SSL_TLSEXT_ERR_OK;
}
infof(data, "NPN, no overlap, use HTTP1.1");
*out = (unsigned char *)ALPN_HTTP_1_1;
*outlen = ALPN_HTTP_1_1_LENGTH;
conn->negnpn = CURL_HTTP_VERSION_1_1;
return SSL_TLSEXT_ERR_OK;
}
#endif /* HAS_NPN */
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* 1.1.0 */
static CURLcode
set_ssl_version_min_max(SSL_CTX *ctx, struct connectdata *conn)
@ -2810,11 +2744,6 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
SSL_CTX_set_options(backend->ctx, ctx_options);
#ifdef HAS_NPN
if(conn->bits.tls_enable_npn)
SSL_CTX_set_next_proto_select_cb(backend->ctx, select_next_proto_cb, data);
#endif
#ifdef HAS_ALPN
if(conn->bits.tls_enable_alpn) {
int cur = 0;
@ -3442,19 +3371,19 @@ static CURLcode ossl_connect_step2(struct Curl_easy *data,
#ifdef USE_HTTP2
if(len == ALPN_H2_LENGTH &&
!memcmp(ALPN_H2, neg_protocol, len)) {
conn->negnpn = CURL_HTTP_VERSION_2;
conn->alpn = CURL_HTTP_VERSION_2;
}
else
#endif
if(len == ALPN_HTTP_1_1_LENGTH &&
!memcmp(ALPN_HTTP_1_1, neg_protocol, ALPN_HTTP_1_1_LENGTH)) {
conn->negnpn = CURL_HTTP_VERSION_1_1;
conn->alpn = CURL_HTTP_VERSION_1_1;
}
}
else
infof(data, VTLS_INFOF_NO_ALPN);
Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
Curl_multiuse_state(data, conn->alpn == CURL_HTTP_VERSION_2 ?
BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
}
#endif

6
lib/vtls/rustls.c
View File

@ -415,20 +415,20 @@ cr_set_negotiated_alpn(struct Curl_easy *data, struct connectdata *conn,
#ifdef USE_HTTP2
if(len == ALPN_H2_LENGTH && 0 == memcmp(ALPN_H2, protocol, len)) {
infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, ALPN_H2);
conn->negnpn = CURL_HTTP_VERSION_2;
conn->alpn = CURL_HTTP_VERSION_2;
}
else
#endif
if(len == ALPN_HTTP_1_1_LENGTH &&
0 == memcmp(ALPN_HTTP_1_1, protocol, len)) {
infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, ALPN_HTTP_1_1);
conn->negnpn = CURL_HTTP_VERSION_1_1;
conn->alpn = CURL_HTTP_VERSION_1_1;
}
else {
infof(data, "ALPN, negotiated an unrecognized protocol");
}
Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
Curl_multiuse_state(data, conn->alpn == CURL_HTTP_VERSION_2 ?
BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
}

6
lib/vtls/schannel.c
View File

@ -1720,19 +1720,19 @@ schannel_connect_step3(struct Curl_easy *data, struct connectdata *conn,
#ifdef USE_HTTP2
if(alpn_result.ProtocolIdSize == ALPN_H2_LENGTH &&
!memcmp(ALPN_H2, alpn_result.ProtocolId, ALPN_H2_LENGTH)) {
conn->negnpn = CURL_HTTP_VERSION_2;
conn->alpn = CURL_HTTP_VERSION_2;
}
else
#endif
if(alpn_result.ProtocolIdSize == ALPN_HTTP_1_1_LENGTH &&
!memcmp(ALPN_HTTP_1_1, alpn_result.ProtocolId,
ALPN_HTTP_1_1_LENGTH)) {
conn->negnpn = CURL_HTTP_VERSION_1_1;
conn->alpn = CURL_HTTP_VERSION_1_1;
}
}
else
infof(data, VTLS_INFOF_NO_ALPN);
Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
Curl_multiuse_state(data, conn->alpn == CURL_HTTP_VERSION_2 ?
BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
}
#endif

6
lib/vtls/sectransp.c
View File

@ -2847,18 +2847,18 @@ sectransp_connect_step2(struct Curl_easy *data, struct connectdata *conn,
#ifdef USE_HTTP2
if(chosenProtocol &&
!CFStringCompare(chosenProtocol, CFSTR(ALPN_H2), 0)) {
conn->negnpn = CURL_HTTP_VERSION_2;
conn->alpn = CURL_HTTP_VERSION_2;
}
else
#endif
if(chosenProtocol &&
!CFStringCompare(chosenProtocol, CFSTR(ALPN_HTTP_1_1), 0)) {
conn->negnpn = CURL_HTTP_VERSION_1_1;
conn->alpn = CURL_HTTP_VERSION_1_1;
}
else
infof(data, VTLS_INFOF_NO_ALPN);
Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
Curl_multiuse_state(data, conn->alpn == CURL_HTTP_VERSION_2 ?
BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
/* chosenProtocol is a reference to the string within alpnArr

6
lib/vtls/wolfssl.c
View File

@ -763,17 +763,17 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn,
if(protocol_len == ALPN_HTTP_1_1_LENGTH &&
!memcmp(protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH))
conn->negnpn = CURL_HTTP_VERSION_1_1;
conn->alpn = CURL_HTTP_VERSION_1_1;
#ifdef USE_HTTP2
else if(data->state.httpwant >= CURL_HTTP_VERSION_2 &&
protocol_len == ALPN_H2_LENGTH &&
!memcmp(protocol, ALPN_H2, ALPN_H2_LENGTH))
conn->negnpn = CURL_HTTP_VERSION_2;
conn->alpn = CURL_HTTP_VERSION_2;
#endif
else
infof(data, "ALPN, unrecognized protocol %.*s", protocol_len,
protocol);
Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
Curl_multiuse_state(data, conn->alpn == CURL_HTTP_VERSION_2 ?
BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
}
else if(rc == SSL_ALPN_NOT_FOUND)

1
src/tool_cfgable.h
View File

@ -267,7 +267,6 @@ struct OperationConfig {
certificate for authentication (Schannel) */
bool proxy_ssl_auto_client_cert; /* proxy version of ssl_auto_client_cert */
char *oauth_bearer; /* OAuth 2.0 bearer token */
bool nonpn; /* enable/disable TLS NPN extension */
bool noalpn; /* enable/disable TLS ALPN extension */
char *unix_socket_path; /* path to Unix domain socket */
bool abstract_unix_socket; /* path to an abstract Unix domain socket */

2
src/tool_getparam.c
View File

@ -740,7 +740,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
global->tracetype = TRACE_BIN;
break;
case 'G': /* --npn */
config->nonpn = (!toggle)?TRUE:FALSE;
warnf(global, "--npn is no longer supported\n");
break;
case 'h': /* --trace-ascii */
GetStr(&global->trace_dump, nextarg);

4
src/tool_operate.c
View File

@ -2084,10 +2084,6 @@ static CURLcode single_transfer(struct GlobalConfig *global,
if(config->sasl_ir)
my_setopt(curl, CURLOPT_SASL_IR, 1L);
if(config->nonpn) {
my_setopt(curl, CURLOPT_SSL_ENABLE_NPN, 0L);
}
if(config->noalpn) {
my_setopt(curl, CURLOPT_SSL_ENABLE_ALPN, 0L);
}