crypto/tls: ensure the server picked an advertised ALPN protocol

This is a SHALL in RFC 7301, Section 3.2. Also some more cleanup after NPN, which worked the other way around (with the possibility that the client could pick a protocol the server did not suggest). Change-Id: I83cc43ca1b3c686dfece8315436441c077065d82 Reviewed-on: https://go-review.googlesource.com/c/go/+/239748 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Trust: Filippo Valsorda <filippo@golang.org> Trust: Roland Shoemaker <roland@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org>
2025-04-03 20:17:36 +03:00 · 2020-06-24 17:01:00 -04:00 · 2020-06-24 17:01:00 -04:00 · 3e0f07eb2d
commit 3e0f07eb2d
parent 74ff83e750
6 changed files with 30 additions and 30 deletions
--- a/conn.go
+++ b/conn.go
@ -88,8 +88,8 @@ type Conn struct {
 	clientFinished [12]byte
 	serverFinished [12]byte

-	clientProtocol         string
-	clientProtocolFallback bool
+	// clientProtocol is the negotiated ALPN protocol.
+	clientProtocol string

 	// input/output
 	in, out   halfConn
@ -1471,7 +1471,7 @@ func (c *Conn) connectionStateLocked() ConnectionState {
 	state.Version = c.vers
 	state.NegotiatedProtocol = c.clientProtocol
 	state.DidResume = c.didResume
-	state.NegotiatedProtocolIsMutual = !c.clientProtocolFallback
+	state.NegotiatedProtocolIsMutual = true
 	state.ServerName = c.serverName
 	state.CipherSuite = c.cipherSuite
 	state.PeerCertificates = c.peerCertificates