Commit e3fbdc7c authored by Kamil Dudka's avatar Kamil Dudka
Browse files

nss: explicitly tell NSS to disable NPN/ALPN 

... if disabled at libcurl level.  Otherwise, we would allow to
negotiate NPN despite curl was invoked with the --no-npn option.
parent 28de5850

lib/vtls/nss.c

+6 −9
Original line number Diff line number Diff line
@@ -1641,18 +1641,15 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex) 
#endif



#ifdef SSL_ENABLE_NPN

  if(data->set.ssl_enable_npn) {

    if(SSL_OptionSet(connssl->handle, SSL_ENABLE_NPN, PR_TRUE) != SECSuccess)

  if(SSL_OptionSet(connssl->handle, SSL_ENABLE_NPN, data->set.ssl_enable_npn

        ? PR_TRUE : PR_FALSE) != SECSuccess)

    goto error;

  }

#endif



#ifdef SSL_ENABLE_ALPN

  if(data->set.ssl_enable_alpn) {

    if(SSL_OptionSet(connssl->handle, SSL_ENABLE_ALPN, PR_TRUE)

        != SECSuccess)

  if(SSL_OptionSet(connssl->handle, SSL_ENABLE_ALPN, data->set.ssl_enable_alpn

        ? PR_TRUE : PR_FALSE) != SECSuccess)

    goto error;

  }

#endif



#if defined(SSL_ENABLE_NPN) || defined(SSL_ENABLE_ALPN)