diff --git a/include/polarssl/config.h b/include/polarssl/config.h index 83aa9a306..78102f0a8 100644 --- a/include/polarssl/config.h +++ b/include/polarssl/config.h @@ -860,6 +860,19 @@ */ #define POLARSSL_SSL_PROTO_TLS1_2 +/** + * \def POLARSSL_SSL_ALPN + * + * Enable support for Application Layer Protocol Negotiation. + * draft-ietf-tls-applayerprotoneg-05 + * + * This is disabled by default in the 1.3.x line since it breaks ABI + * compatibility. + * + * Uncomment this macro to enable support for ALPN. + */ +#define POLARSSL_SSL_ALPN + /** * \def POLARSSL_SSL_SESSION_TICKETS * diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index c1aff67b5..e4a8dc763 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -762,6 +762,14 @@ struct _ssl_context size_t hostname_len; #endif +#if defined(POLARSSL_SSL_ALPN) + /* + * ALPN extension + */ + const char **alpn_list; /*!< ordered list of supported protocols */ + const char *alpn_chosen; /*!< negotiated protocol */ +#endif + /* * Secure renegotiation */ @@ -1232,6 +1240,28 @@ void ssl_set_sni( ssl_context *ssl, void *p_sni ); #endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */ +#if defined(POLARSSL_SSL_ALPN) +/** + * \brief Set the supported Application Layer Protocols. + * + * \param ssl SSL context + * \param protos NULL-terminated list of supported protocols, + * in decreasing preference order. + */ +void ssl_set_alpn_protocols( ssl_context *ssl, const char **protos ); + +/** + * \brief Get the name of the negotiated Application Layer Protocol. + * This function should be called after the handshake is + * completed. + * + * \param ssl SSL context + * + * \return Protcol name, or NULL if no protocol was negotiated. + */ +const char *ssl_get_alpn_protocol( const ssl_context *ssl ); +#endif /* POLARSSL_SSL_ALPN */ + /** * \brief Set the maximum supported version sent from the client side * and/or accepted at the server side diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 681b7c39d..eb293718e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3520,6 +3520,10 @@ int ssl_session_reset( ssl_context *ssl ) ssl->session = NULL; } +#if defined(POLARSSL_SSL_ALPN) + ssl->alpn_chosen = NULL; +#endif + if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) return( ret ); @@ -3914,6 +3918,18 @@ void ssl_set_sni( ssl_context *ssl, } #endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */ +#if defined(POLARSSL_SSL_ALPN) +void ssl_set_alpn_protocols( ssl_context *ssl, const char **protos ) +{ + ssl->alpn_list = protos; +} + +const char *ssl_get_alpn_protocol( const ssl_context *ssl ) +{ + return ssl->alpn_chosen; +} +#endif /* POLARSSL_SSL_ALPN */ + void ssl_set_max_version( ssl_context *ssl, int major, int minor ) { if( major >= SSL_MIN_MAJOR_VERSION && major <= SSL_MAX_MAJOR_VERSION &&