moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity

TLS: fix HTTP/2 selection 

for GnuTLS, BearSSL, mbedTLS, NSS, SChannnel, Secure Transport and
wolfSSL...

Regression since 88dd1a8a11 (shipped in 7.76.0)
Reported-by: Kenneth Davidson
Reported-by: romamik om github
Fixes #6825
Closes #6827
This commit is contained in:
Daniel Stenberg 2021-04-01 16:25:19 +02:00
parent 3085ccfae9
commit f573998c22
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
7 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/vtls/bearssl.c
View File

@ -391,7 +391,7 @@ static CURLcode bearssl_connect_step1(struct Curl_easy *data,
*/
#ifdef USE_NGHTTP2
if(data->state.httpversion >= CURL_HTTP_VERSION_2
if(data->state.httpwant >= CURL_HTTP_VERSION_2
#ifndef CURL_DISABLE_PROXY
&& (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
#endif

2
lib/vtls/gtls.c
View File

@ -612,7 +612,7 @@ gtls_connect_step1(struct Curl_easy *data,
gnutls_datum_t protocols[2];
#ifdef USE_NGHTTP2
if(data->state.httpversion >= CURL_HTTP_VERSION_2
if(data->state.httpwant >= CURL_HTTP_VERSION_2
#ifndef CURL_DISABLE_PROXY
&& (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
#endif

2
lib/vtls/mbedtls.c
View File

@ -497,7 +497,7 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
if(conn->bits.tls_enable_alpn) {
const char **p = &backend->protocols[0];
#ifdef USE_NGHTTP2
if(data->state.httpversion >= CURL_HTTP_VERSION_2)
if(data->state.httpwant >= CURL_HTTP_VERSION_2)
*p++ = NGHTTP2_PROTO_VERSION_ID;
#endif
*p++ = ALPN_HTTP_1_1;

2
lib/vtls/nss.c
View File

@ -2080,7 +2080,7 @@ static CURLcode nss_setup_connect(struct Curl_easy *data,
unsigned char protocols[128];
#ifdef USE_NGHTTP2
if(data->state.httpversion >= CURL_HTTP_VERSION_2
if(data->state.httpwant >= CURL_HTTP_VERSION_2
#ifndef CURL_DISABLE_PROXY
&& (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
#endif

2
lib/vtls/schannel.c
View File

@ -862,7 +862,7 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn,
list_start_index = cur;
#ifdef USE_NGHTTP2
if(data->state.httpversion >= CURL_HTTP_VERSION_2) {
if(data->state.httpwant >= CURL_HTTP_VERSION_2) {
memcpy(&alpn_buffer[cur], NGHTTP2_PROTO_ALPN, NGHTTP2_PROTO_ALPN_LEN);
cur += NGHTTP2_PROTO_ALPN_LEN;
infof(data, "schannel: ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);

2
lib/vtls/sectransp.c
View File

@ -1613,7 +1613,7 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data,
&kCFTypeArrayCallBacks);
#ifdef USE_NGHTTP2
if(data->state.httpversion >= CURL_HTTP_VERSION_2
if(data->state.httpwant >= CURL_HTTP_VERSION_2
#ifndef CURL_DISABLE_PROXY
&& (!isproxy || !conn->bits.tunnel_proxy)
#endif

4
lib/vtls/wolfssl.c
View File

@ -475,7 +475,7 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn,
protocols in descending order of preference, eg: "h2,http/1.1" */
#ifdef USE_NGHTTP2
if(data->state.httpversion >= CURL_HTTP_VERSION_2) {
if(data->state.httpwant >= CURL_HTTP_VERSION_2) {
strcpy(protocols + strlen(protocols), NGHTTP2_PROTO_VERSION_ID ",");
infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
}
@ -726,7 +726,7 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn,
!memcmp(protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH))
conn->negnpn = CURL_HTTP_VERSION_1_1;
#ifdef USE_NGHTTP2
else if(data->state.httpversion >= CURL_HTTP_VERSION_2 &&
else if(data->state.httpwant >= CURL_HTTP_VERSION_2 &&
protocol_len == NGHTTP2_PROTO_VERSION_ID_LEN &&
!memcmp(protocol, NGHTTP2_PROTO_VERSION_ID,
NGHTTP2_PROTO_VERSION_ID_LEN))