From a2a095536a3040b6f9bbc749412299a8539491bd Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Wed, 19 Apr 2023 09:05:49 +0200
Subject: [PATCH] MINOR: ssl: do not set ALPN callback with the empty string

While it does not have any effect, it's better not to try to setup an ALPN callback nor to try to lookup algorithms when the configured ALPN string is empty as a result of "no-alpn" being used.
---
 src/ssl_sock.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index cb544d4..e7f6d41 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4717,7 +4717,7 @@ static int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_con
 ssl_conf_cur = ssl_conf;
 else if (bind_conf->ssl_conf.alpn_str)
 ssl_conf_cur = &bind_conf->ssl_conf;
- if (ssl_conf_cur)
+ if (ssl_conf_cur && ssl_conf_cur->alpn_len)
 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
 #endif
 #if defined(SSL_CTX_set1_curves_list)
@@ -5150,7 +5150,7 @@ static int ssl_sock_prepare_srv_ssl_ctx(const struct server *srv, SSL_CTX *ctx)
 SSL_CTX_set_next_proto_select_cb(ctx, ssl_sock_srv_select_protos, (struct server*)srv);
 #endif
 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
- if (srv->ssl_ctx.alpn_str)
+ if (srv->ssl_ctx.alpn_str && srv->ssl_ctx.alpn_len)
 SSL_CTX_set_alpn_protos(ctx, (unsigned char *)srv->ssl_ctx.alpn_str, srv->ssl_ctx.alpn_len);
 #endif

--
1.7.10.4
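Review bot: The new `ssl_conf_cur->alpn_len` test in ssl_sock_prepare_ctx relies on a convention the code does not state: a non-NULL `alpn_str` with `alpn_len == 0` is what "no-alpn" leaves behind. The visible `else if` still selects a configuration on `alpn_str` alone, so an empty `ssl_conf` entry presumably takes precedence over a non-empty bind-level list, and that context then negotiates no ALPN at all. If that override is intended, a comment above the test should say so, for example `/* alpn_str set with alpn_len == 0 means "no-alpn": register no callback, the client's ALPN offer is then ignored */`. The function starts and ends outside the hunk, so where `alpn_len` is assigned cannot be checked from here.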
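Review bot: The result of `SSL_CTX_set_alpn_protos()` is still discarded on the line guarded by the new `alpn_len` test in ssl_sock_prepare_srv_ssl_ctx. That call returns 0 on success and non-zero on failure, the reverse of most OpenSSL setters, so a failed call leaves the server-side context offering no ALPN and the connection silently falls back to whatever the peer picks without it. The call should be tested, e.g. `if (SSL_CTX_set_alpn_protos(ctx, (unsigned char *)srv->ssl_ctx.alpn_str, srv->ssl_ctx.alpn_len) != 0)`, followed by whatever configuration-error reporting this function already uses. That reporting is outside the hunk, as are the start and end of the function.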