Add an option to allow unknown ALPN protocols.
We received an external request to add an option to undo the check added
in 3e51757de2bf9beef7d249f22d255e4dd9ddb012.
Change-Id: Ifdd4b07705f2fa3d781d775d5cd139ea72d36734
Reviewed-on: https://boringssl-review.googlesource.com/14644
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 45a04c1..793e2d7 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1432,31 +1432,33 @@
return 0;
}
- /* Check that the protcol name is one of the ones we advertised. */
- int protocol_ok = 0;
- CBS client_protocol_name_list, client_protocol_name;
- CBS_init(&client_protocol_name_list, ssl->alpn_client_proto_list,
- ssl->alpn_client_proto_list_len);
- while (CBS_len(&client_protocol_name_list) > 0) {
- if (!CBS_get_u8_length_prefixed(&client_protocol_name_list,
- &client_protocol_name)) {
- *out_alert = SSL_AD_INTERNAL_ERROR;
+ if (!ssl->ctx->allow_unknown_alpn_protos) {
+ /* Check that the protocol name is one of the ones we advertised. */
+ int protocol_ok = 0;
+ CBS client_protocol_name_list, client_protocol_name;
+ CBS_init(&client_protocol_name_list, ssl->alpn_client_proto_list,
+ ssl->alpn_client_proto_list_len);
+ while (CBS_len(&client_protocol_name_list) > 0) {
+ if (!CBS_get_u8_length_prefixed(&client_protocol_name_list,
+ &client_protocol_name)) {
+ *out_alert = SSL_AD_INTERNAL_ERROR;
+ return 0;
+ }
+
+ if (CBS_len(&client_protocol_name) == CBS_len(&protocol_name) &&
+ OPENSSL_memcmp(CBS_data(&client_protocol_name),
+ CBS_data(&protocol_name),
+ CBS_len(&protocol_name)) == 0) {
+ protocol_ok = 1;
+ break;
+ }
+ }
+
+ if (!protocol_ok) {
+ OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL);
+ *out_alert = SSL_AD_ILLEGAL_PARAMETER;
return 0;
}
-
- if (CBS_len(&client_protocol_name) == CBS_len(&protocol_name) &&
- OPENSSL_memcmp(CBS_data(&client_protocol_name),
- CBS_data(&protocol_name),
- CBS_len(&protocol_name)) == 0) {
- protocol_ok = 1;
- break;
- }
- }
-
- if (!protocol_ok) {
- OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL);
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
}
if (!CBS_stow(&protocol_name, &ssl->s3->alpn_selected,
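Review bot: When `ssl->ctx->allow_unknown_alpn_protos` is set, the `CBS_stow` at the end of this hunk stores a server-chosen protocol name that was never compared with the list the client advertised, and nothing in the new branch says so. A caller that enables the option and then dispatches on `SSL_get0_alpn_selected()` without its own allow-list leaves protocol selection entirely to the peer, so I would add a comment above the new `if`, for example `/* If allow_unknown_alpn_protos is set, the server's selection is stored unchecked; the caller must validate it. */`. The flag is also read from the context rather than the connection, so it applies to every client connection created from that `SSL_CTX`; the public header's description of the option (not visible in this hunk) should state both points. The enclosing function starts and ends outside the hunk.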