)]}'
{
  "commit": "c02c19e0d842f54d903a9b62316476f4b9c4e3f0",
  "tree": "debfb57e297e45d2931d9547763aa4fd8e0f8968",
  "parents": [
    "3b7029a549275e4bd1b17e744a6f8a94f8f9bef5"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Wed Feb 10 17:49:20 2021 -0500"
  },
  "committer": {
    "name": "CQ bot account: commit-bot@chromium.org",
    "email": "commit-bot@chromium.org",
    "time": "Thu Feb 11 23:36:22 2021 +0000"
  },
  "message": "Honor SSL_TLSEXT_ERR_ALERT_FATAL in the ALPN callback.\n\nThis aligns with OpenSSL\u0027s behavior. RFC7301 says servers should return\nno_application_protocol if the client supported ALPN but no common\nprotocol was found. We currently interpret all values as\nSSL_TLSEXT_ERR_NOACK. Instead, implement both modes and give guidance on\nwhne to use each. (NOACK is still useful because the callback may be\nshared across multiple configurations, some of which don\u0027t support ALPN\nat all. Those would want to return NOACK to ignore the list.)\n\nTo match upstream, I\u0027ve also switched SSL_R_MISSING_ALPN, added for\nQUIC, to SSL_R_NO_APPLICATION_PROTOCOL.\n\nUpdate-Note: Callers that return SSL_TLSEXT_ERR_ALERT_FATAL from the\nALPN callback will change behavior. The old behavior may be restored by\nreturning SSL_TLSEXT_ERR_NOACK, though see the documentation for new\nrecommendations on return values.\n\nChange-Id: Ib7917b5f8a098571bed764c79aa7a4ce0f728297\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45504\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "cd6f87a4a770b9a7ce973f4b286da0552e34d175",
      "old_mode": 33188,
      "old_path": "crypto/err/ssl.errordata",
      "new_id": "44c3904f3f79f208f3d6d20794df8b8fa5f1c160",
      "new_mode": 33188,
      "new_path": "crypto/err/ssl.errordata"
    },
    {
      "type": "modify",
      "old_id": "7ff7e72c8a11c8c253f791cb9523846467840a95",
      "old_mode": 33188,
      "old_path": "include/openssl/ssl.h",
      "new_id": "b932d24631ef97d53587304039f69803b80d5d13",
      "new_mode": 33188,
      "new_path": "include/openssl/ssl.h"
    },
    {
      "type": "modify",
      "old_id": "342c17021f40ec351746d240453e86c0e39f65fd",
      "old_mode": 33188,
      "old_path": "ssl/t1_lib.cc",
      "new_id": "484eee9b07b3e3b830d3c43a36fb7ad78f1acbc1",
      "new_mode": 33188,
      "new_path": "ssl/t1_lib.cc"
    },
    {
      "type": "modify",
      "old_id": "07c0aa63486d47cea66aa31890abda92b2a59048",
      "old_mode": 33188,
      "old_path": "ssl/test/runner/runner.go",
      "new_id": "9af820ecef1bade7ec0ca2c474440d1417a48d80",
      "new_mode": 33188,
      "new_path": "ssl/test/runner/runner.go"
    },
    {
      "type": "modify",
      "old_id": "c1d215bbc067a40e65e9e0846f2ae8145d8c1df1",
      "old_mode": 33188,
      "old_path": "ssl/test/test_config.cc",
      "new_id": "59c5e399d37def4bb360fb9192090f0df260b784",
      "new_mode": 33188,
      "new_path": "ssl/test/test_config.cc"
    },
    {
      "type": "modify",
      "old_id": "7d779943171c4ad0d46ca34be8c4f68480405408",
      "old_mode": 33188,
      "old_path": "ssl/test/test_config.h",
      "new_id": "c24c3769b3e4af2f1d140754d30b95d178f74e37",
      "new_mode": 33188,
      "new_path": "ssl/test/test_config.h"
    }
  ]
}