Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error: An unknown option was passed in to libcurl when using CURLOPT_SSL_ENABLE_ALPN #4668

Closed
shailcompsit opened this issue Dec 3, 2019 · 4 comments

Comments

@shailcompsit
Copy link

@shailcompsit shailcompsit commented Dec 3, 2019

What I did,

As per this man page for CURLOPT_SSL_ENABLE_ALPN, the option is enabled by default, and we can see the ALPN extension set in Client Hello using Wireshark. However, I want to disable that option, so that ALPN extension is not present in Client Hello (TLS Handshake). I tried below code,

CURLcode res = CURLE_OK;
res = curl_easy_setopt(curl_, CURLOPT_SSL_ENABLE_ALPN, 0L);
if(res == CURLE_OK){
cout<<"CURLOPT_SSL_ENABLE_ALPN to 0L res = "<<res;
}else{
cout<<"Error: res = "<<res<<"\t"<<curl_easy_strerror(res);
}

Output:

Error: res = 48 An unknown option was passed in to libcurl

I expected the following

CURLOPT_SSL_ENABLE_ALPN to 0L res = 0

curl/libcurl version

libcurl Version: 7.67.0
openssl version: OpenSSL 1.1.0l

libcurl configuration options

./configure --prefix= " << full path to installation directory >> " --disable-manual --enable-ipv6 --disable-ntlm-wb --without-krb4 --without-gssapi --with-ssl=" << full path to openssl folder containing library and include files >> " --without-gnutls --without-polarssl --without-cyassl --without-nss --without-axtls --without-libmetalink --without-libssh2 --disable-ldap --without-libidn LDFLAGS="-Wl,-rpath -Wl, << full path to openssl library folder >> "

operating system

Linux, MACOSX

Even though this option throws error in MacOSX also, ALPN extension is not present in TLS Handshake on MacOSX
Is this option deprecated? Or am I missing something here?

@jay jay added the HTTP/2 label Dec 4, 2019
jay added a commit to jay/curl that referenced this issue Dec 4, 2019
- Stop treating lack of HTTP2 as an unknown option error result for
  CURLOPT_SSL_ENABLE_ALPN and CURLOPT_SSL_ENABLE_NPN.

Prior to this change it was impossible to disable ALPN / NPN if libcurl
was built without HTTP2. Setting either option would result in
CURLE_UNKNOWN_OPTION and the respective internal option would not be
set. That was incorrect since ALPN and NPN are used independent of
HTTP2.

Reported-by: Shailesh Kapse

Fixes curl#4668
Closes #xxxx
@jay

This comment has been minimized.

Copy link
Member

@jay jay commented Dec 4, 2019

Those options erroneously require HTTP/2 support:

curl/lib/setopt.c

Lines 2615 to 2622 in 2e9b725

#ifdef USE_NGHTTP2
case CURLOPT_SSL_ENABLE_NPN:
data->set.ssl_enable_npn = (0 != va_arg(param, long)) ? TRUE : FALSE;
break;
case CURLOPT_SSL_ENABLE_ALPN:
data->set.ssl_enable_alpn = (0 != va_arg(param, long)) ? TRUE : FALSE;
break;
#endif

If that is your issue then please try the fix in #4672. If that doesn't work then give us this output:

    curl_version_info_data *info = curl_version_info(CURLVERSION_NOW);
    printf("SSPI is %s\n", ((info->features & CURL_VERSION_SSPI) ? "on" : "off"));
    printf("HTTP2 is %s\n", ((info->features & CURL_VERSION_HTTP2) ? "on" : "off"));
    printf("%s\n", curl_version());
@jay jay added the libcurl API label Dec 4, 2019
@shailcompsit

This comment has been minimized.

Copy link
Author

@shailcompsit shailcompsit commented Dec 4, 2019

@jay Replicated the changes committed by you. This solves the issue.
I can see the output as expected: "CURLOPT_SSL_ENABLE_ALPN to 0L res = 0"
Also, monitored the TLS Handshake, and ALPN extension is absent in Client Hello now.
Thanks a lot!
When can we expect the next release of libcurl ?

@bagder

This comment has been minimized.

Copy link
Member

@bagder bagder commented Dec 4, 2019

When can we expect the next release of libcurl ?

See the pending release-notes page: January 8th 2020 is the scheduled release date for the coming 7.68.0 release.

You can however always download the current state from git or as a daily snapshot to try out the coming changes even before they ship!

@jay jay closed this in 0edf758 Dec 6, 2019
@jay

This comment has been minimized.

Copy link
Member

@jay jay commented Dec 6, 2019

Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.