int
lws_tls_server_conn_alpn(struct lws *wsi)
{
#if defined(LWS_WITH_MBEDTLS) || (defined(OPENSSL_VERSION_NUMBER) && \
OPENSSL_VERSION_NUMBER >= 0x10002000L)
const unsigned char *name = NULL;
char cstr[10];
unsigned len;
SSL_get0_alpn_selected(wsi->tls.ssl, &name, &len);
if (!len) {
lwsl_info("no ALPN upgrade\n");
return 0;
}
if (len > sizeof(cstr) - 1)
len = sizeof(cstr) - 1;
memcpy(cstr, name, len);
cstr[len] = '\0';
lwsl_info("negotiated '%s' using ALPN\n", cstr);
wsi->tls.use_ssl |= LCCSCF_USE_SSL;
return lws_role_call_alpn_negotiated(wsi, (const char *)cstr);
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
return 0;
}
enum lws_ssl_capable_status
lws_tls_client_connect(struct lws *wsi)
{
int m, n = SSL_connect(wsi->tls.ssl);
const unsigned char *prot;
unsigned int len;
if (n == 1) {
SSL_get0_alpn_selected(wsi->tls.ssl, &prot, &len);
lws_role_call_alpn_negotiated(wsi, (const char *)prot);
lwsl_info("client connect OK\n");
return LWS_SSL_CAPABLE_DONE;
}
m = SSL_get_error(wsi->tls.ssl, n);
if (m == SSL_ERROR_WANT_READ || SSL_want_read(wsi->tls.ssl))
return LWS_SSL_CAPABLE_MORE_SERVICE_READ;
if (m == SSL_ERROR_WANT_WRITE || SSL_want_write(wsi->tls.ssl))
return LWS_SSL_CAPABLE_MORE_SERVICE_WRITE;
if (!n) /* we don't know what he wants, but he says to retry */
return LWS_SSL_CAPABLE_MORE_SERVICE;
return LWS_SSL_CAPABLE_ERROR;
}
