Hmm, I cannot test this today since I am travelling. If Jim wants to tag 2.5.13 this week, then either the current v4 patch makes it in, or we need to postpone this. A changed patch on which my module (and possibly others) chokes on, will not serve anyone I assume.
As with the "don't send NPN unnecessary" bug report: ALPN is working slighty different. Not sure if the server cb is triggered at all, if the client sends no ALPN. //stefan > Am 03.06.2015 um 17:04 schrieb Yann Ylavic <[email protected]>: > >> On Wed, Jun 3, 2015 at 4:45 PM, Yann Ylavic <[email protected]> wrote: >> >> This means enabling ALPN only if SSLALPNPreference is used. > > Something like below : > > Index: modules/ssl/mod_ssl.c > =================================================================== > --- modules/ssl/mod_ssl.c (revision 1683271) > +++ modules/ssl/mod_ssl.c (working copy) > @@ -456,6 +456,8 @@ static int modssl_register_alpn(conn_rec *c, > ssl_alpn_proto_negotiated negotiatedfn) > { > #ifdef HAVE_TLS_ALPN > + SSLSrvConfigRec *sc; > + > SSLConnRec *sslconn = myConnConfig(c); > > if (!sslconn) { > @@ -462,6 +464,11 @@ static int modssl_register_alpn(conn_rec *c, > return DECLINED; > } > > + sc = mySrvConfig(sslconn->server); > + if (sc->server->ssl_alpn_pref->nelts <= 0) { > + return DECLINED; > + } > + > if (!sslconn->alpn_proposefns) { > sslconn->alpn_proposefns = > apr_array_make(c->pool, 5, sizeof(ssl_alpn_propose_protos)); > Index: modules/ssl/ssl_engine_init.c > =================================================================== > --- modules/ssl/ssl_engine_init.c (revision 1683271) > +++ modules/ssl/ssl_engine_init.c (working copy) > @@ -648,7 +648,9 @@ static void ssl_init_ctx_callbacks(server_rec *s, > SSL_CTX_set_info_callback(ctx, ssl_callback_Info); > > #ifdef HAVE_TLS_ALPN > - SSL_CTX_set_alpn_select_cb(ctx, ssl_callback_alpn_select, NULL); > + if (s->ssl_alpn_pref->nelts > 0) { > + SSL_CTX_set_alpn_select_cb(ctx, ssl_callback_alpn_select, NULL); > + } > #endif > } > > --
