Error: An unknown option was passed in to libcurl when using CURLOPT_SSL_ENABLE_ALPN

[shailcompsit]

What I did,

As per this man page for CURLOPT_SSL_ENABLE_ALPN, the option is enabled by default, and we can see the ALPN extension set in Client Hello using Wireshark. However, I want to disable that option, so that ALPN extension is not present in Client Hello (TLS Handshake). I tried below code,

CURLcode res = CURLE_OK;
res = curl_easy_setopt(curl_, CURLOPT_SSL_ENABLE_ALPN, 0L);
if(res == CURLE_OK){
cout<<"CURLOPT_SSL_ENABLE_ALPN to 0L res = "<<res;
}else{
cout<<"Error: res = "<<res<<"\t"<<curl_easy_strerror(res);
}

Output:

Error: res = 48 An unknown option was passed in to libcurl

I expected the following

CURLOPT_SSL_ENABLE_ALPN to 0L res = 0

curl/libcurl version

libcurl Version: 7.67.0
openssl version: OpenSSL 1.1.0l

libcurl configuration options

./configure --prefix= " << full path to installation directory >> " --disable-manual --enable-ipv6 --disable-ntlm-wb --without-krb4 --without-gssapi --with-ssl=" << full path to openssl folder containing library and include files >> " --without-gnutls --without-polarssl --without-cyassl --without-nss --without-axtls --without-libmetalink --without-libssh2 --disable-ldap --without-libidn LDFLAGS="-Wl,-rpath -Wl, << full path to openssl library folder >> "

operating system

Linux, MACOSX

Even though this option throws error in MacOSX also, ALPN extension is not present in TLS Handshake on MacOSX
Is this option deprecated? Or am I missing something here?

[jay]

Those options erroneously require HTTP/2 support:

curl/lib/setopt.c

Lines 2615 to 2622 in 2e9b725

	#ifdef USE_NGHTTP2
	case CURLOPT_SSL_ENABLE_NPN:
	data->set.ssl_enable_npn = (0 != va_arg(param, long)) ? TRUE : FALSE;
	break;
	case CURLOPT_SSL_ENABLE_ALPN:
	data->set.ssl_enable_alpn = (0 != va_arg(param, long)) ? TRUE : FALSE;
	break;
	#endif

If that is your issue then please try the fix in #4672. If that doesn't work then give us this output:

    curl_version_info_data *info = curl_version_info(CURLVERSION_NOW);
    printf("SSPI is %s\n", ((info->features & CURL_VERSION_SSPI) ? "on" : "off"));
    printf("HTTP2 is %s\n", ((info->features & CURL_VERSION_HTTP2) ? "on" : "off"));
    printf("%s\n", curl_version());

[shailcompsit]

@jay Replicated the changes committed by you. This solves the issue.
I can see the output as expected: "CURLOPT_SSL_ENABLE_ALPN to 0L res = 0"
Also, monitored the TLS Handshake, and ALPN extension is absent in Client Hello now.
Thanks a lot!
When can we expect the next release of libcurl ?

[bagder]

When can we expect the next release of libcurl ?

See the pending release-notes page: January 8th 2020 is the scheduled release date for the coming 7.68.0 release.

You can however always download the current state from git or as a daily snapshot to try out the coming changes even before they ship!

[jay]

Thanks