From a308e87dea4067fd3166a4b9b5c4c36b3b3cafa0 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Tue, 4 Jul 2017 15:35:25 +0200
Subject: gnutls-serv: added the --alpn and --alpn-fatal options

This allows specifying ALPN protocols supported by server, allowing
to test the ALPN negotiation.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 src/serv-args.def | 16 ++++++++++++++++
 src/serv.c        | 25 +++++++++++++++++++++++++
 2 files changed, 41 insertions(+)

diff --git a/src/serv-args.def b/src/serv-args.def
index 0e13cbf140..f5b7f9c6a0 100644
--- a/src/serv-args.def
+++ b/src/serv-args.def
@@ -21,6 +21,21 @@ flag = {
     doc      = "";
 };
 
+flag = {
+    name      = alpn;
+    arg-type  = string;
+    descrip   = "Specify ALPN protocol to be enabled by the server";
+    doc      = "Specify the (textual) ALPN protocol for the server to use.";
+    stack-arg;
+    max       = NOLIMIT;
+};
+
+flag = {
+    name      = alpn-fatal;
+    descrip   = "Send fatal alert on non-matching ALPN name";
+    doc      = "";
+};
+
 flag = {
     name      = noticket;
     descrip   = "Don't accept session tickets";
@@ -159,6 +174,7 @@ flag = {
     deprecated;
 };
 
+
 flag = {
     name      = x509keyfile;
     arg-type  = string;
diff --git a/src/serv.c b/src/serv.c
index 63138a509e..ef71b47737 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -1,6 +1,7 @@
 /*
  * Copyright (C) 2004-2012 Free Software Foundation, Inc.
  * Copyright (C) 2001,2002 Paul Sheer
+ * Copyright (C) 2016-2017 Red Hat, Inc.
  * Portions Copyright (C) 2002,2003 Nikos Mavrogiannopoulos
  *
  * This file is part of GnuTLS.
@@ -78,6 +79,9 @@ const char *status_response_ocsp = NULL;
 const char *sni_hostname = NULL;
 int sni_hostname_fatal = 0;
 
+const char **alpn_protos = NULL;
+unsigned alpn_protos_size = 0;
+
 gnutls_datum_t session_ticket_key;
 static void tcp_server(const char *name, int port);
 
@@ -359,11 +363,15 @@ end:
 	return ret;
 }
 
+#define MAX_ALPN_PROTOCOLS 16
 gnutls_session_t initialize_session(int dtls)
 {
 	gnutls_session_t session;
 	int ret;
+	unsigned i;
 	const char *err;
+	gnutls_datum_t alpn[MAX_ALPN_PROTOCOLS];
+	unsigned alpn_size;
 
 	if (priorities == NULL)
 		priorities = "NORMAL";
@@ -402,6 +410,18 @@ gnutls_session_t initialize_session(int dtls)
 		exit(1);
 	}
 
+	alpn_size = MIN(MAX_ALPN_PROTOCOLS,alpn_protos_size);
+	for (i=0;i<alpn_size;i++) {
+		alpn[i].data = (void*)alpn_protos[i];
+		alpn[i].size = strlen(alpn_protos[i]);
+	}
+
+	ret = gnutls_alpn_set_protocols(session, alpn, alpn_size, HAVE_OPT(ALPN_FATAL)?GNUTLS_ALPN_MANDATORY:0);
+	if (ret < 0) {
+		fprintf(stderr, "Error setting ALPN protocols: %s\n", gnutls_strerror(ret));
+		exit(1);
+	}
+
 	gnutls_credentials_set(session, GNUTLS_CRD_ANON, dh_cred);
 
 	if (srp_cred != NULL)
@@ -1615,6 +1635,11 @@ static void cmd_parser(int argc, char **argv)
 	if (HAVE_OPT(DHPARAMS))
 		dh_params_file = OPT_ARG(DHPARAMS);
 
+	if (HAVE_OPT(ALPN)) {
+		alpn_protos = STACKLST_OPT(ALPN);
+		alpn_protos_size = STACKCT_OPT(ALPN);
+	}
+
 	if (HAVE_OPT(X509KEYFILE)) {
 		x509_keyfile = STACKLST_OPT(X509KEYFILE);
 		x509_keyfile_size = STACKCT_OPT(X509KEYFILE);
-- 
cgit v1.2.1