commit c8ff30cbe716c72279a6f6a9d7d7d0d4091220fa
author David Benjamin <davidben@google.com> Tue Apr 04 13:52:36 2017 -0400
committer CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Wed Apr 05 00:33:57 2017 +0000
tree 793307005f660bd286e991146c83502dc03ece70
parent 0686c09eeaed24f778fe0a86561ae7200751be13

Add an option to allow unknown ALPN protocols.

We received an external request to add an option to undo the check added
in 3e51757de2bf9beef7d249f22d255e4dd9ddb012.

Change-Id: Ifdd4b07705f2fa3d781d775d5cd139ea72d36734
Reviewed-on: https://boringssl-review.googlesource.com/14644
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

include/openssl/ssl.h

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 75862fc..6a6cd85 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2586,6 +2586,13 @@
                                            const uint8_t **out_data,
                                            unsigned *out_len);
 
+/* SSL_CTX_set_allow_unknown_alpn_protos configures client connections on |ctx|
+ * to allow unknown ALPN protocols from the server. Otherwise, by default, the
+ * client will require that the protocol be advertised in
+ * |SSL_CTX_set_alpn_protos|. */
+OPENSSL_EXPORT void SSL_CTX_set_allow_unknown_alpn_protos(SSL_CTX *ctx,
+                                                          int enabled);
+
 
 /* Next protocol negotiation.
  *
@@ -4280,6 +4287,10 @@
    * that this currently requires post-handshake verification of
    * certificates. */
   unsigned i_promise_to_verify_certs_after_the_handshake:1;
+
+  /* allow_unknown_alpn_protos is one if the client allows unsolicited ALPN
+   * protocols from the peer. */
+  unsigned allow_unknown_alpn_protos:1;
 };