Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error: An unknown option was passed in to libcurl when using CURLOPT_SSL_ENABLE_ALPN #4668

Closed
shailcompsit opened this issue Dec 3, 2019 · 4 comments
Closed

Error: An unknown option was passed in to libcurl when using CURLOPT_SSL_ENABLE_ALPN #4668

shailcompsit opened this issue Dec 3, 2019 · 4 comments
Labels
HTTP/2 libcurl API

Comments

@shailcompsit
Copy link

What I did,

As per this man page for CURLOPT_SSL_ENABLE_ALPN, the option is enabled by default, and we can see the ALPN extension set in Client Hello using Wireshark. However, I want to disable that option, so that ALPN extension is not present in Client Hello (TLS Handshake). I tried below code,

CURLcode res = CURLE_OK;
res = curl_easy_setopt(curl_, CURLOPT_SSL_ENABLE_ALPN, 0L);
if(res == CURLE_OK){
cout<<"CURLOPT_SSL_ENABLE_ALPN to 0L res = "<<res;
}else{
cout<<"Error: res = "<<res<<"\t"<<curl_easy_strerror(res);
}

Output:

Error: res = 48 An unknown option was passed in to libcurl

I expected the following

CURLOPT_SSL_ENABLE_ALPN to 0L res = 0

curl/libcurl version

libcurl Version: 7.67.0
openssl version: OpenSSL 1.1.0l

libcurl configuration options

./configure --prefix= " << full path to installation directory >> " --disable-manual --enable-ipv6 --disable-ntlm-wb --without-krb4 --without-gssapi --with-ssl=" << full path to openssl folder containing library and include files >> " --without-gnutls --without-polarssl --without-cyassl --without-nss --without-axtls --without-libmetalink --without-libssh2 --disable-ldap --without-libidn LDFLAGS="-Wl,-rpath -Wl, << full path to openssl library folder >> "

operating system

Linux, MACOSX

Even though this option throws error in MacOSX also, ALPN extension is not present in TLS Handshake on MacOSX
Is this option deprecated? Or am I missing something here?
@jay jay added the HTTP/2 label Dec 4, 2019
jay added a commit to jay/curl that referenced this issue Dec 4, 2019
@jay
setopt: Fix ALPN / NPN option setting when built without HTTP2
ffa99bb 
- Stop treating lack of HTTP2 as an unknown option error result for
  CURLOPT_SSL_ENABLE_ALPN and CURLOPT_SSL_ENABLE_NPN.

Prior to this change it was impossible to disable ALPN / NPN if libcurl
was built without HTTP2. Setting either option would result in
CURLE_UNKNOWN_OPTION and the respective internal option would not be
set. That was incorrect since ALPN and NPN are used independent of
HTTP2.

Reported-by: Shailesh Kapse

Fixes curl#4668
Closes #xxxx
@jay jay mentioned this issue Dec 4, 2019
Closed
@jay
Copy link
Member

jay commented Dec 4, 2019

Those options erroneously require HTTP/2 support:

curl/lib/setopt.c

Lines 2615 to 2622 in 2e9b725

#ifdef USE_NGHTTP2
case CURLOPT_SSL_ENABLE_NPN:
data->set.ssl_enable_npn = (0 != va_arg(param, long)) ? TRUE : FALSE;
break;
case CURLOPT_SSL_ENABLE_ALPN:
data->set.ssl_enable_alpn = (0 != va_arg(param, long)) ? TRUE : FALSE;
break;
#endif

If that is your issue then please try the fix in #4672. If that doesn't work then give us this output:

    curl_version_info_data *info = curl_version_info(CURLVERSION_NOW);
    printf("SSPI is %s\n", ((info->features & CURL_VERSION_SSPI) ? "on" : "off"));
    printf("HTTP2 is %s\n", ((info->features & CURL_VERSION_HTTP2) ? "on" : "off"));
    printf("%s\n", curl_version());

@jay jay added the libcurl API label Dec 4, 2019
@shailcompsit
Copy link
Author

@jay Replicated the changes committed by you. This solves the issue.
I can see the output as expected: "CURLOPT_SSL_ENABLE_ALPN to 0L res = 0"
Also, monitored the TLS Handshake, and ALPN extension is absent in Client Hello now.
Thanks a lot!
When can we expect the next release of libcurl ?

@bagder
Copy link
Member

bagder commented Dec 4, 2019

When can we expect the next release of libcurl ?

See the pending release-notes page: January 8th 2020 is the scheduled release date for the coming 7.68.0 release.

You can however always download the current state from git or as a daily snapshot to try out the coming changes even before they ship!

@jay jay closed this as completed in 0edf758 Dec 6, 2019
@jay
Copy link
Member

jay commented Dec 6, 2019

Thanks

@lock lock bot locked as resolved and limited conversation to collaborators Mar 10, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
HTTP/2 libcurl API
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

setopt: Fix ALPN / NPN option setting when built without HTTP2 jay/curl
3 participants
@bagder @jay @shailcompsit