SSL_CTX_set_alpn_select_cb and Other OpenSSL API ALPN Functions + Their Callbacks
Angus Robertson - Magenta Systems Ltd
angus at magsys.co.uk
Fri Jul 29 16:22:00 UTC 2022
> I don't understand how to write the callback functions some of
> the OpenSSL ALPN functions expect, and the manual really isn't
> helping there either, so I'd like some help.
Use SSL_CTX_set_client_hello_cb to set a SSL_client_hello_cb_fn
function, which you can parse to get TLSEXT_TYPE_server_name and
TLSEXT_TYPE_application_layer_protocol_negotiation, and everything else
sent in the Client Hello (if you need it) like SSL versions and ciphers
supported.
Within this callback you can change SSL_CTX depending on SNI and ALPN.
Ignore the SNI and ALPN callbacks. client_hello_cb was only added in
1.1.1 so is often missing from old examples, FAQs and manuals.
Angus
More information about the openssl-users
mailing list