Re: SSL_CTX_set_alpn_select_cb and Other OpenSSL API ALPN Functions + Their Callbacks

> While this may be reasonable advice for SNI, I'm not sure that 
> this is correct for ALPN. I don't think it is actually possible 
> to set the selected ALPN *without* using the ALPN callback. At 
> least I can't see a way.

Correct, I wondered why I still used both callbacks.  

But I also know from experience you cannot change SSL_CTX in the ALPN
callback, it's too late in the handshake process.  

So if you need to change CTX, for instance for ALPN acme-tls/1 for
Let's Encrypt, you have to do it during the HELO callback. 

> A useful addition to OpenSSL might be a new API to set the
> selected ALPN directly which could be called from a client_hello_cb.

Indeed, would save using two callbacks.  

Angus
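
Added example (not part of the message above and not OpenSSL project code): a sketch of the two-callback arrangement the thread describes, where the client hello callback inspects the raw ALPN extension and switches SSL_CTX, and the ALPN callback makes the actual selection. The names alpn_ext_offers, acme_ctx, default_ctx and the WITH_OPENSSL build switch are assumptions made for illustration; the OpenSSL calls are the documented 1.1.1+ API.

```c
#include <stddef.h>
#include <string.h>

/* Scan a raw ALPN extension body (RFC 7301: uint16 list length, then repeated
 * { uint8 len; name[len] }). Returns 1 if `want` is offered, 0 if not, -1 if malformed. */
int alpn_ext_offers(const unsigned char *ext, size_t extlen, const char *want)
{
    size_t wlen = strlen(want), i = 2;
    int found = 0;

    if (ext == NULL || extlen < 4 || (((size_t)ext[0] << 8) | ext[1]) != extlen - 2)
        return -1;
    while (i < extlen) {
        size_t n = ext[i++];          /* one length-prefixed protocol name */
        if (n == 0 || n > extlen - i)
            return -1;
        if (n == wlen && memcmp(ext + i, want, n) == 0)
            found = 1;
        i += n;
    }
    return found;
}

#ifdef WITH_OPENSSL /* cc -DWITH_OPENSSL file.c -lssl -lcrypto */
#include <openssl/ssl.h>

/* SSL_CTX_set_client_hello_cb(default_ctx, client_hello_cb, acme_ctx); assumed names */
int client_hello_cb(SSL *s, int *al, void *arg)
{
    const unsigned char *ext;
    size_t len;

    (void)al; /* the context switch is done here; a malformed list never switches */
    if (SSL_client_hello_get0_ext(s, TLSEXT_TYPE_application_layer_protocol_negotiation,
                                  &ext, &len) == 1
        && alpn_ext_offers(ext, len, "acme-tls/1") == 1)
        SSL_set_SSL_CTX(s, (SSL_CTX *)arg);
    return SSL_CLIENT_HELLO_SUCCESS;
}

/* Set on acme_ctx with SSL_CTX_set_alpn_select_cb(): selection is made here. */
int acme_alpn_select_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
                        const unsigned char *in, unsigned int inlen, void *arg)
{
    static const unsigned char acme[] = "\x0a" "acme-tls/1"; /* wire format */

    (void)s; (void)arg;
    if (SSL_select_next_proto((unsigned char **)out, outlen, acme, sizeof(acme) - 1,
                              in, inlen) == OPENSSL_NPN_NEGOTIATED)
        return SSL_TLSEXT_ERR_OK;
    return SSL_TLSEXT_ERR_ALERT_FATAL;
}
#endif
```

Note that SSL_client_hello_get0_ext() returns the extension including its two-byte list length, while the `in` buffer passed to the ALPN callback starts at the first length-prefixed name.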