diff --git a/lib/urldata.h b/lib/urldata.h index c359c06d0..a2dc1c362 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -288,6 +288,9 @@ struct ssl_connect_data { current state of the connection. */ bool use; ssl_connection_state state; +#ifdef USE_NGHTTP2 + bool asked_for_h2; +#endif #ifdef USE_SSLEAY /* these ones requires specific SSL-types */ SSL_CTX* ctx; diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index 434f872ff..a9c42c2d8 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c @@ -618,6 +618,7 @@ gtls_connect_step1(struct connectdata *conn, gnutls_alpn_set_protocols(session, protocols, protocols_size, 0); infof(data, "ALPN, offering %s, %s\n", NGHTTP2_PROTO_VERSION_ID, ALPN_HTTP_1_1); + connssl->asked_for_h2 = TRUE; } else { infof(data, "SSL, can't negotiate HTTP/2.0 without ALPN\n"); @@ -1047,7 +1048,7 @@ gtls_connect_step3(struct connectdata *conn, conn->negnpn = NPN_HTTP1_1; } } - else { + else if(connssl->asked_for_h2) { infof(data, "ALPN, server did not agree to a protocol\n"); } } diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index 8161b434d..f26cba0d4 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -665,18 +665,19 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg) if(SSL_GetNextProto(sock, &state, buf, &buflen, buflenmax) == SECSuccess) { switch(state) { - case SSL_NEXT_PROTO_NO_SUPPORT: - case SSL_NEXT_PROTO_NO_OVERLAP: + case SSL_NEXT_PROTO_NO_SUPPORT: + case SSL_NEXT_PROTO_NO_OVERLAP: + if(connssl->asked_for_h2) infof(conn->data, "TLS, neither ALPN nor NPN succeeded\n"); - return; + return; #ifdef SSL_ENABLE_ALPN - case SSL_NEXT_PROTO_SELECTED: - infof(conn->data, "ALPN, server accepted to use %.*s\n", buflen, buf); - break; + case SSL_NEXT_PROTO_SELECTED: + infof(conn->data, "ALPN, server accepted to use %.*s\n", buflen, buf); + break; #endif - case SSL_NEXT_PROTO_NEGOTIATED: - infof(conn->data, "NPN, server accepted to use %.*s\n", buflen, buf); - break; + case SSL_NEXT_PROTO_NEGOTIATED: + infof(conn->data, "NPN, server accepted to use %.*s\n", buflen, buf); + break; } if(buflen == NGHTTP2_PROTO_VERSION_ID_LEN && @@ -1639,6 +1640,7 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex) if(SSL_SetNextProtoNego(connssl->handle, alpn_protos, alpn_protos_len) != SECSuccess) goto error; + connssl->asked_for_h2 = TRUE; } else { infof(data, "SSL, can't negotiate HTTP/2.0 with neither NPN nor ALPN\n"); diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index ccf2f738b..4bd7d0aaf 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -1742,6 +1742,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) infof(data, "ALPN, offering %s, %s\n", NGHTTP2_PROTO_VERSION_ID, ALPN_HTTP_1_1); + connssl->asked_for_h2 = TRUE; } #endif } @@ -2028,14 +2029,16 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex) if(len == NGHTTP2_PROTO_VERSION_ID_LEN && memcmp(NGHTTP2_PROTO_VERSION_ID, neg_protocol, len) == 0) { - conn->negnpn = NPN_HTTP2; + conn->negnpn = NPN_HTTP2; } - else if(len == ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1, - neg_protocol, ALPN_HTTP_1_1_LENGTH) == 0) { + else if(len == + ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1, + neg_protocol, + ALPN_HTTP_1_1_LENGTH) == 0) { conn->negnpn = NPN_HTTP1_1; } } - else + else if(connssl->asked_for_h2) infof(data, "ALPN, server did not agree to a protocol\n"); } #endif diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c index a9ea1e528..822617846 100644 --- a/lib/vtls/polarssl.c +++ b/lib/vtls/polarssl.c @@ -358,6 +358,7 @@ polarssl_connect_step1(struct connectdata *conn, ssl_set_alpn_protocols(&connssl->ssl, protocols); infof(data, "ALPN, offering %s, %s\n", protocols[0], protocols[1]); + connssl->asked_for_h2 = TRUE; } } #endif @@ -466,7 +467,7 @@ polarssl_connect_step2(struct connectdata *conn, conn->negnpn = NPN_HTTP1_1; } } - else { + else if(connssl->asked_for_h2) { infof(data, "ALPN, server did not agree to a protocol\n"); } }