Commit 909a68c1 authored by Fabian Frank's avatar Fabian Frank Committed by Daniel Stenberg

NPN/ALPN: allow disabling via command line

When using --http2, one can now selectively disable NPN or ALPN with
--no-alpn and --no-npn. For now this is honored with NSS only.

TODO: honor this option with GnuTLS and OpenSSL
parent 70bd9784
+12 −0
@@ -133,6 +133,18 @@ version. (Added in 7.33.0)
.IP "--http2"
(HTTP) Tells curl to issue its requests using HTTP 2. This requires that the
underlying libcurl was built to support it. (Added in 7.33.0)
.IP "--no-npn"
Disable the NPN TLS extension. NPN is enabled by default if libcurl was built
with an SSL library that supports NPN. NPN is used by a libcurl that supports
HTTP 2 to negoatiate HTTP 2 support with the server during https sessions.

(Added in 7.36.0)
.IP "--no-alpn"
Disable the ALPN TLS extension. ALPN is enabled by default if libcurl was built
with an SSL library that supports ALPN. ALPN is used by a libcurl that supports
HTTP 2 to negoatiate HTTP 2 support with the server during https sessions.

(Added in 7.36.0)
.IP "-1, --tlsv1"
(SSL)
Forces curl to use TLS version 1 when negotiating with a remote TLS server.
+2 −0
@@ -495,6 +495,8 @@ CURLOPT_SSLKEY 7.9.3
CURLOPT_SSLKEYPASSWD            7.9.3         7.17.0
CURLOPT_SSLKEYTYPE              7.9.3
CURLOPT_SSLVERSION              7.1
CURLOPT_SSL_ENABLE_ALPN         7.36.0
CURLOPT_SSL_ENABLE_NPN          7.36.0
CURLOPT_SSL_CIPHER_LIST         7.9
CURLOPT_SSL_CTX_DATA            7.10.6
CURLOPT_SSL_CTX_FUNCTION        7.10.6
+6 −0
@@ -1571,6 +1571,12 @@ typedef enum {
  /* Set authentication options directly */
  CINIT(LOGIN_OPTIONS, OBJECTPOINT, 224),

  /* Enable/disable TLS NPN extension (http2 over ssl might fail without) */
  CINIT(SSL_ENABLE_NPN, LONG, 225),

  /* Enable/disable TLS ALPN extension (http2 over ssl might fail without) */
  CINIT(SSL_ENABLE_ALPN, LONG, 226),

  CURLOPT_LASTENTRY /* the last unused */
} CURLoption;
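Review bot: The comments on `SSL_ENABLE_NPN` and `SSL_ENABLE_ALPN` do not state the default or what the long argument means, and this is the public header that applications read. The url.c section of this commit sets both flags to TRUE in Curl_init_userdefined and treats any non-zero value as enable, so the comment could read `/* Enable/disable TLS NPN extension: 1 (default) enables, 0 disables; http2 over ssl might fail without */`, and likewise for ALPN. The enum starts outside the hunk, so only the two new entries are covered here.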

+8 −0
@@ -563,6 +563,8 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
  set->tcp_keepintvl = 60;
  set->tcp_keepidle = 60;

  set->ssl_enable_npn = TRUE;
  set->ssl_enable_alpn = TRUE;
  return res;
}

@@ -2478,6 +2480,12 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
  case CURLOPT_TCP_KEEPINTVL:
    data->set.tcp_keepintvl = va_arg(param, long);
    break;
  case CURLOPT_SSL_ENABLE_NPN:
    data->set.ssl_enable_npn = (0 != va_arg(param, long))?TRUE:FALSE;
    break;
  case CURLOPT_SSL_ENABLE_ALPN:
    data->set.ssl_enable_alpn = (0 != va_arg(param, long))?TRUE:FALSE;
    break;

  default:
    /* unknown tag and its companion, just ignore: */
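Review bot: The new `CURLOPT_SSL_ENABLE_NPN` and `CURLOPT_SSL_ENABLE_ALPN` cases in Curl_setopt store the flag for every TLS backend, while the commit message says only NSS honors it so far. An application that turns either extension off on an OpenSSL or GnuTLS build would presumably get a success code while the extension is still offered, which is easy to miss when the setting is part of a hardening or interoperability policy. Until the other backends read the flag, I would record that at the case labels, e.g. `/* only the NSS backend reads this so far; other backends ignore it */`, and repeat it in the option's documentation. Curl_setopt starts and ends outside the hunk, so its return path is inferred rather than visible.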
+3 −0
@@ -1593,6 +1593,9 @@ struct UserDefined {
  long tcp_keepintvl;    /* seconds between TCP keepalive probes */

  size_t maxconnects;  /* Max idle connections in the connection cache */

  bool ssl_enable_npn;  /* TLS NPN extension? */
  bool ssl_enable_alpn; /* TLS ALPN extension? */
};

struct Names {