*NOT A SECURITY ISSUE*
That our of the way: while debugging my HTTP/2 module for Apache httpd, I see
that the callback for SNI seems to be invoked *after* the callback for ALPN had
been called (OpenSSL 1.0.2c). Can this be correct? Is there anything to
influence this ordering?
My issue is that the proposed ALPN protocols depend on the virtual host the
client wants to talk to. So, the observed order poses a bit of a problem. The
code *can* check the server name via SSL_get_servername() and the correct name
is reported. However this is not how it is supposed to work, right?
Again, if there is anything influencing the order of the callback invocation,
I'd be willing to adapt. Otherwise, I think, the order needs to be defined in
the OpenSSL API and it should be SNI before ALPN.
Cheers,
Stefan
green/bytes GmbH
Hafenweg 16, 48155 Münster, Germany
Phone: +49 251 2807760. Amtsgericht Münster: HRB5782
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev