SSL_CTX_set_client_hello_cb - How to select protocol for ALPN?
Osman Zakir
osmanzakir90 at hotmail.com
Mon Aug 1 02:00:58 UTC 2022
How do I actually select the protocol for ALPN? I have this:
    #include <cstddef>
    #include <iostream>
    #include <openssl/ssl.h>

    // A client hello callback returns int and takes a void* argument
    int set_alpn_cb(SSL* ssl, int* alert, void* arg)
    {
        constexpr unsigned int ext_type{ TLSEXT_TYPE_application_layer_protocol_negotiation };
        int* extensions{ nullptr }; // array is allocated by OpenSSL, freed below
        std::size_t extensions_len{};
        int extensions_present{ SSL_client_hello_get1_extensions_present(ssl,
            &extensions, &extensions_len) };
        OPENSSL_free(extensions);
        const unsigned char* alpn_str{ nullptr };
        std::size_t alpn_str_len{};
        // 1 means success
        if (extensions_present == 1)
        {
            // get0_ext returns 1 only if the ALPN extension is in the ClientHello
            if (SSL_client_hello_get0_ext(ssl, ext_type, &alpn_str, &alpn_str_len) == 1)
            {
                // raw extension bytes, not NUL-terminated: write exactly alpn_str_len
                std::cout << "alpn_str: ";
                std::cout.write(reinterpret_cast<const char*>(alpn_str),
                    static_cast<std::streamsize>(alpn_str_len));
                std::cout << std::endl;
            }
            return SSL_CLIENT_HELLO_SUCCESS;
        }
        else if (extensions_present == 0)
        {
            return SSL_CLIENT_HELLO_ERROR;
        }
        return SSL_CLIENT_HELLO_RETRY;
    }
Would I be correct to assume that I have to set arg to point to "h2" in wire-format? Hopefully someone good at parsing the ClientHello message and who also knows C++ would answer too. Thanks.
I'm thinking it may actually be easier for me to just use SSL_CTX_set_alpn_select_cb since it has those out and in parameters. I do also want to know what I should initialize the SSL* pointer to point to, though, in either case.
Osman
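
Added example, not part of the original post and not OpenSSL code: a stand-alone parser for the wire format discussed above, plus a server-preference choice over the parsed names. The buffer returned by SSL_client_hello_get0_ext for ALPN is the extension body (a 2-byte list length, then 1-byte-length-prefixed names); the "in" buffer passed to an SSL_CTX_set_alpn_select_cb callback is the same list without the 2-byte prefix. The names parse_alpn_extension, choose_protocol and kSampleAlpn are hypothetical, and the sample bytes are constructed.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Constructed sample: ALPN extension body offering "h2" and "http/1.1".
const unsigned char kSampleAlpn[] = {
    0x00, 0x0c, 0x02, 'h', '2',
    0x08, 'h', 't', 't', 'p', '/', '1', '.', '1' };

// Parse an ALPN extension body (RFC 7301): 2-byte big-endian list length,
// then entries of 1 length byte followed by that many name bytes.
// Returns false on any malformed or empty list.
bool parse_alpn_extension(const unsigned char* data, std::size_t len,
                          std::vector<std::string>& protocols)
{
    protocols.clear();
    if (data == nullptr || len < 2)
        return false;
    const std::size_t list_len = (static_cast<std::size_t>(data[0]) << 8) | data[1];
    if (list_len != len - 2)          // outer length must cover the buffer exactly
        return false;
    std::size_t pos = 2;
    while (pos < len) {
        const std::size_t name_len = data[pos++];
        if (name_len == 0 || name_len > len - pos)   // empty or truncated name
            return false;
        protocols.emplace_back(reinterpret_cast<const char*>(data + pos), name_len);
        pos += name_len;
    }
    return !protocols.empty();
}

// First protocol in the server's preference order that the client offered;
// empty string when there is no overlap.
std::string choose_protocol(const std::vector<std::string>& server_prefs,
                            const std::vector<std::string>& client_offer)
{
    for (const std::string& want : server_prefs)
        for (const std::string& offered : client_offer)
            if (want == offered)
                return want;
    return std::string();
}

int main() {
    std::vector<std::string> offered;
    if (!parse_alpn_extension(kSampleAlpn, sizeof kSampleAlpn, offered)) return 1;
    std::cout << choose_protocol({"h2", "http/1.1"}, offered) << std::endl;
    return 0;
}
```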