SSL_CTX_set_client_hello_cb - How to select protocol for ALPN?

Osman Zakir osmanzakir90 at
Mon Aug 1 02:00:58 UTC 2022

How do I actually select the protocol for ALPN?  I have this:
SSL_client_hello_cb_fn set_alpn_cb(SSL* ssl, int* alert, const unsigned char* arg)
      constexpr int ext_type{ TLSEXT_TYPE_application_layer_protocol_negotiation };
      int extensions[1]{ ext_type };
      std::size_t extensions_len{ 1u };
      int extensions_present{ SSL_client_hello_get1_extensions_present(ssl,
            reinterpret_cast<int**>(extensions), &extensions_len) };
      const unsigned char** alpn_str;
      std::size_t alpn_str_len{};

      // 1 means success
      if (extensions_present == 1)
            SSL_client_hello_get0_ext(ssl, ext_type, alpn_str, &alpn_str_len);
            std::cout << "alpn_str: " << alpn_str << std::endl;
            return reinterpret_cast<SSL_client_hello_cb_fn>(SSL_CLIENT_HELLO_SUCCESS);
      else if (extensions_present == 0)
            return reinterpret_cast<SSL_client_hello_cb_fn>(SSL_CLIENT_HELLO_ERROR);
      return reinterpret_cast<SSL_client_hello_cb_fn>(SSL_CLIENT_HELLO_RETRY);

Would I be correct to assume that I have to set arg​ to point to "h2" in wire-format?  Hopefully someone good at parsing the ClientHello message and who also knows C++ would answer too.  Thanks.

I'm thinking it may actually be easier for me to just use SSL_CTX_set_alpn_select_cb since it has those out and in parameters.  I do also want to know what I should initialize the SSL* pointer to point to, though, in either case.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list