On Tue, Apr 23, 2024 at 01:48:04AM +0300, Heikki Linnakangas wrote:
> Here's the patch for that. The error message is:
>
> "direct SSL connection was established without ALPN protocol negotiation
> extension"

WFM.

> That's accurate, but I wonder if we could make it more useful to a user
> who's wondering what went wrong. I'd imagine that if the server doesn't
> support ALPN, it's because you have some kind of a (not necessarily
> malicious) generic SSL man-in-the-middle that doesn't support it. Or you're
> trying to connect to an HTTPS server. Suggestions welcome.

Hmm. Is there any point in calling SSL_get0_alpn_selected() in
open_client_SSL() to get the ALPN if current_enc_method is not
ENC_DIRECT_SSL?

In the documentation of PQsslAttribute(), it is mentioned that empty
string is returned for "alpn" if ALPN was not used, however the code
returns NULL in this case:

    SSL_get0_alpn_selected(conn->ssl, &data, &len);
    if (data == NULL || len == 0 || len > sizeof(alpn_str) - 1)
        return NULL;

--
Michael