Add alpn switch to windows and openssl targets

Author: MarnixKuijs

Cargo.toml

@@ -9,9 +9,7 @@ readme = "README.md"
 
 [features]
 vendored = ["openssl/vendored"]
-
-# Switch for MacOS to keep support for older versions, Windows targets and openssl target will have alpn regardless
-alpn = ["security-framework/alpn"] 
+alpn = ["security-framework/alpn", "openssl/v102"] 
 
 [target.'cfg(any(target_os = "macos", target_os = "ios"))'.dependencies]
 security-framework = "2.0.0"

src/imp/openssl.rs

@@ -274,21 +274,24 @@ impl TlsConnector {
             }
         }
 
-        if !builder.alpn.is_empty() {
-            // Wire format is each alpn preceded by its length as a byte.
-            let mut alpn_wire_format = Vec::with_capacity(
-                builder
-                    .alpn
-                    .iter()
-                    .map(|s| s.as_bytes().len())
-                    .sum::<usize>()
-                    + builder.alpn.len(),
-            );
-            for alpn in builder.alpn.iter().map(|s| s.as_bytes()) {
-                alpn_wire_format.push(alpn.len() as u8);
-                alpn_wire_format.extend(alpn);
+        #[cfg(feature = "alpn")]
+        {
+            if !builder.alpn.is_empty() {
+                // Wire format is each alpn preceded by its length as a byte.
+                let mut alpn_wire_format = Vec::with_capacity(
+                    builder
+                        .alpn
+                        .iter()
+                        .map(|s| s.as_bytes().len())
+                        .sum::<usize>()
+                        + builder.alpn.len(),
+                );
+                for alpn in builder.alpn.iter().map(|s| s.as_bytes()) {
+                    alpn_wire_format.push(alpn.len() as u8);
+                    alpn_wire_format.extend(alpn);
+                }
+                connector.set_alpn_protos(&alpn_wire_format)?;
             }
-            connector.set_alpn_protos(&alpn_wire_format)?;
         }
 
         #[cfg(target_os = "android")]
@@ -383,6 +386,7 @@ impl<S: io::Read + io::Write> TlsStream<S> {
         Ok(self.0.ssl().peer_certificate().map(Certificate))
     }
 
+    #[cfg(feature = "alpn")]
     pub fn negotiated_alpn(&self) -> Result<Option<Vec<u8>>, Error> {
         Ok(self
             .0

src/imp/schannel.rs

@@ -86,7 +86,8 @@ impl Identity {
                 return Err(io::Error::new(
                     io::ErrorKind::InvalidInput,
                     "No identity found in PKCS #12 archive",
-                ).into());
+                )
+                .into());
             }
         };
 
@@ -112,7 +113,8 @@ impl Certificate {
             Err(_) => Err(io::Error::new(
                 io::ErrorKind::InvalidInput,
                 "PEM representation contains non-UTF-8 bytes",
-            ).into()),
+            )
+            .into()),
         }
     }
 
@@ -251,8 +253,13 @@ impl TlsConnector {
                 ))
             });
         }
-        if !self.alpn.is_empty() {
-            builder.request_application_protocols(&self.alpn.iter().map(|s| s.as_bytes()).collect::<Vec<_>>());
+        #[cfg(feature = "alpn")]
+        {
+            if !self.alpn.is_empty() {
+                builder.request_application_protocols(
+                    &self.alpn.iter().map(|s| s.as_bytes()).collect::<Vec<_>>(),
+                );
+            }
         }
         match builder.connect(cred, stream) {
             Ok(s) => Ok(TlsStream(s)),
@@ -324,6 +331,7 @@ impl<S: io::Read + io::Write> TlsStream<S> {
         }
     }
 
+    #[cfg(feature = "alpn")]
     pub fn negotiated_alpn(&self) -> Result<Option<Vec<u8>>, Error> {
         Ok(self.0.negotiated_application_protocol()?)
     }

src/imp/security_framework.rs

@@ -306,8 +306,11 @@ impl TlsConnector {
         builder.danger_accept_invalid_certs(self.danger_accept_invalid_certs);
         builder.trust_anchor_certificates_only(self.disable_built_in_roots);
 
-        if !self.alpn.is_empty() {
-            builder.alpn_protocols(&self.alpn.iter().map(String::as_str).collect::<Vec<_>>());
+        #[cfg(feature = "alpn")]
+        {
+            if !self.alpn.is_empty() {
+                builder.alpn_protocols(&self.alpn.iter().map(String::as_str).collect::<Vec<_>>());
+            }
         }
 
         match builder.handshake(domain, stream) {
@@ -395,6 +398,7 @@ impl<S: io::Read + io::Write> TlsStream<S> {
         Ok(trust.certificate_at_index(0).map(Certificate))
     }
 
+    #[cfg(feature = "alpn")]
     pub fn negotiated_alpn(&self) -> Result<Option<Vec<u8>>, Error> {
         match self.stream.context().alpn_protocols() {
             Ok(protocols) => {

src/lib.rs

@@ -380,6 +380,7 @@ impl TlsConnectorBuilder {
     /// Request specific protocols through ALPN (Application-Layer Protocol Negotiation).
     ///
     /// Defaults to none
+    #[cfg(feature = "alpn")]
     pub fn request_alpns(&mut self, protocols: &[&str]) -> &mut TlsConnectorBuilder {
         self.alpn = protocols.iter().map(|s| (*s).to_owned()).collect();
         self
@@ -655,12 +656,9 @@ impl<S: io::Read + io::Write> TlsStream<S> {
     }
 
     /// Returns the negotiated ALPN protocols
-    pub fn negotiated_alpn(&self) -> Result<Option<String>> {
-        let protocol = self
-            .0
-            .negotiated_alpn()?
-            .map(|bytes| String::from_utf8_lossy(&bytes).into_owned());
-        Ok(protocol)
+    #[cfg(feature = "alpn")]
+    pub fn negotiated_alpn(&self) -> Result<Option<Vec<u8>>> {
+        Ok(self.0.negotiated_alpn()?)
     }
 
     /// Shuts down the TLS session.

src/test.rs

@@ -420,42 +420,32 @@ mod tests {
     }
 
     #[test]
-    #[cfg_attr(not(feature = "alpn"), ignore)]
+    #[cfg(feature = "alpn")]
     fn alpn_google_h2() {
         let builder = p!(TlsConnector::builder().request_alpns(&["h2"]).build());
         let s = p!(TcpStream::connect("google.com:443"));
         let socket = p!(builder.connect("google.com", s));
-
-        assert_eq!(
-            p!(socket.negotiated_alpn())
-                .as_ref()
-                .map(|alpn| alpn.as_str()),
-            Some("h2")
-        );
+        let alpn = p!(socket.negotiated_alpn());
+        assert_eq!(alpn.as_deref(), Some(b"h2".as_ref()));
     }
 
     #[test]
-    #[cfg_attr(not(feature = "alpn"), ignore)]
+    #[cfg(feature = "alpn")]
     fn alpn_google_invalid() {
         let builder = p!(TlsConnector::builder().request_alpns(&["h2c"]).build());
         let s = p!(TcpStream::connect("google.com:443"));
         let socket = p!(builder.connect("google.com", s));
-
-        assert_eq!(
-            p!(socket.negotiated_alpn())
-                .as_ref()
-                .map(|alpn| alpn.as_str()),
-            None
-        );
+        let alpn = p!(socket.negotiated_alpn());
+        assert_eq!(alpn.as_deref(), None);
     }
 
     #[test]
-    #[cfg_attr(not(feature = "alpn"), ignore)]
+    #[cfg(feature = "alpn")]
     fn alpn_google_none() {
         let builder = p!(TlsConnector::new());
         let s = p!(TcpStream::connect("google.com:443"));
         let socket = p!(builder.connect("google.com", s));
-
-        assert_eq!(p!(socket.negotiated_alpn()), None);
+        let alpn = p!(socket.negotiated_alpn());
+        assert_eq!(alpn.as_deref(), None);
     }
 }