Diffstat (limited to 'lib/libtls/tls_conninfo.c')
-rw-r--r-- | lib/libtls/tls_conninfo.c | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/lib/libtls/tls_conninfo.c b/lib/libtls/tls_conninfo.c
index 6caf655536d..7888c919b08 100644
--- a/lib/libtls/tls_conninfo.c
+++ b/lib/libtls/tls_conninfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_conninfo.c,v 1.7 2016/08/02 07:47:11 jsing Exp $ */
+/* $OpenBSD: tls_conninfo.c,v 1.8 2016/08/12 15:10:59 jsing Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -150,6 +150,26 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore, time_t *notafter)
 return (rv);
 }
 
+static int
+tls_conninfo_alpn_proto(struct tls *ctx)
+{
+ const unsigned char *p;
+ unsigned int len;
+
+ free(ctx->conninfo->alpn);
+ ctx->conninfo->alpn = NULL;
+
+ SSL_get0_alpn_selected(ctx->ssl_conn, &p, &len);
+ if (len > 0) {
+ if ((ctx->conninfo->alpn = malloc(len + 1)) == NULL)
+ return (-1);
+ memcpy(ctx->conninfo->alpn, p, len);
+ ctx->conninfo->alpn[len] = '\0';
+ }
+
+ return (0);
+}
+
 int
 tls_get_conninfo(struct tls *ctx) {
 const char * tmp;
@@ -175,6 +195,9 @@ tls_get_conninfo(struct tls *ctx) {
 ctx->conninfo->cipher = strdup(tmp);
 if (ctx->conninfo->cipher == NULL)
 goto err;
+ if (tls_conninfo_alpn_proto(ctx) == -1)
+ goto err;
+
 return (0);
 err:
 tls_free_conninfo(ctx->conninfo);
@@ -184,6 +207,8 @@ err:
 void
 tls_free_conninfo(struct tls_conninfo *conninfo) {
 if (conninfo != NULL) {
+ free(conninfo->alpn);
+ conninfo->alpn = NULL;
 free(conninfo->hash);
 conninfo->hash = NULL;
 free(conninfo->subject);
@@ -198,6 +223,14 @@ tls_free_conninfo(struct tls_conninfo *conninfo) {
 }
 
 const char *
+tls_conn_alpn_selected(struct tls *ctx)
+{
+ if (ctx->conninfo == NULL)
+ return (NULL);
+ return (ctx->conninfo->alpn);
+}
+
+const char *
 tls_conn_cipher(struct tls *ctx)
 {
 if (ctx->conninfo == NULL) |
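Review bot: The ALPN name copied in `tls_conninfo_alpn_proto` is an opaque, peer-influenced byte string, and nothing here rejects an embedded NUL before it is stored and later exposed as a C string. A value such as `h2\0x` (constructed example) would read back as `h2` through `tls_conn_alpn_selected()`, so a caller that dispatches on `strcmp()` could act on a protocol name that is not the one actually negotiated. Consider failing closed before the copy with `if (memchr(p, '\0', len) != NULL) return (-1);`. Initialising `p = NULL` and `len = 0` at declaration would also keep the `len > 0` test well defined if the getter ever returned without writing them; that it always writes both is presumed from its documented behaviour and is not visible in this hunk.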
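Review bot: `tls_conn_alpn_selected` hands out a pointer into `ctx->conninfo` without stating its lifetime, while the same commit frees that buffer in both `tls_conninfo_alpn_proto` and `tls_free_conninfo`. A caller that keeps the pointer across a later `tls_get_conninfo()` or across teardown would be reading freed memory. A comment above the function would cover it: `/* Returns the selected ALPN protocol, or NULL if none; owned by ctx and invalidated when conninfo is refreshed or freed, so copy it to keep it. */`. `ctx` itself is dereferenced unchecked, which matches `tls_conn_cipher` in the trailing context, whose body continues outside the hunk.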