Google Git
Sign in
boringssl/boringssl/9ef31f01af6c59efe65fe0c4ab3be7316046ccca^!/./ssl/internal.h
commit
9ef31f01af6c59efe65fe0c4ab3be7316046ccca
[log]
author
David Benjamin <davidben@google.com>
Mon Oct 31 18:01:13 2016 -0400
committer
Adam Langley <agl@google.com>
Wed Nov 02 18:06:23 2016 +0000
tree
e37f5287cae05050be98dcdcae9ccd1d68cf721d
parent
b2e2e32c35a228d9e690c90fd5e1bb575dbb0984 [diff] [blame]
Negotiate the cipher suite before ALPN.

HTTP/2 places requirements on the cipher suite. So that servers can
decline HTTP/2 when these requirements aren't met, defer ALPN
negotiation.

See also b/32553041.

Change-Id: Idbcf049f9c8bda06a8be52a0154fe76e84607268
Reviewed-on: https://boringssl-review.googlesource.com/11982
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/ssl/internal.h b/ssl/internal.h
index b6f0203..461de2c 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h

@@ -1083,6 +1083,12 @@
     SSL *ssl, uint8_t **out, size_t *out_len,
     enum ssl_cert_verify_context_t cert_verify_context);
 
+/* ssl_negotiate_alpn negotiates the ALPN extension, if applicable. It returns
+ * one on successful negotiation or if nothing was negotiated. It returns zero
+ * and sets |*out_alert| to an alert on error. */
+int ssl_negotiate_alpn(SSL *ssl, uint8_t *out_alert,
+                       const struct ssl_early_callback_ctx *client_hello);
+
 
 /* SSLKEYLOGFILE functions. */