diff --git a/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt b/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt
new file mode 100644
index 0000000000..0e396bbeff
--- /dev/null
+++ b/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt
@@ -0,0 +1,4 @@
+API changes
+ * The list passed to mbedtls_ssl_conf_alpn_protocols() is now declared
+ as having const elements, reflecting the fact that the library will
+ not modify it
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index c77cec88e3..60e58295a1 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1569,7 +1569,7 @@ struct mbedtls_ssl_config {
 #endif /* MBEDTLS_SSL_EARLY_DATA */
 #if defined(MBEDTLS_SSL_ALPN)
- const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
+ const char *const *MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
 #endif
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
@@ -4011,7 +4011,8 @@ int mbedtls_ssl_set_hs_ecjpake_password_opaque(mbedtls_ssl_context *ssl,
 *
 * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
 */
-int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos);
+int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf,
+ const char *const *protos);
 /**
 * \brief Get the name of the negotiated Application Layer Protocol.
diff --git a/library/ssl_client.c b/library/ssl_client.c
index cb57a97669..307da0fabb 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -141,7 +141,7 @@ static int ssl_write_alpn_ext(mbedtls_ssl_context *ssl,
 * ProtocolName protocol_name_list<2..2^16-1>
 * } ProtocolNameList;
 */
- for (const char **cur = ssl->conf->alpn_list; *cur != NULL; cur++) {
+ for (const char *const *cur = ssl->conf->alpn_list; *cur != NULL; cur++) {
 /*
 * mbedtls_ssl_conf_set_alpn_protocols() checked that the length of
 * protocol names is less than 255.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index f95f3c7c99..1c0aab0ac2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
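Review bot: In include/mbedtls/ssl.h, the doc block above `mbedtls_ssl_conf_alpn_protocols()` should spell out what the new `const char *const *protos` does and does not promise, because the qualifier only says the library will not write through the list. The same diff shows `ssl->conf->alpn_list` being walked at handshake time, `ssl->alpn_chosen = *alpn` in ssl_tls13_parse_alpn_ext, and a comment in ssl_write_alpn_ext saying name lengths were checked at configuration time, so the list appears to be borrowed rather than copied. Only the `\return` line of the doc block is inside this hunk, so the `\param protos` text may already cover lifetime. If it does not also cover mutation, I would add `The list and the strings it points to must remain valid and unmodified for as long as the configuration is in use; they are validated only when this function is called.`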
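Review bot: In library/ssl_client.c (ssl_write_alpn_ext), the comment just below the changed `for` line refers to `mbedtls_ssl_conf_set_alpn_protocols()`, but the function declared and defined elsewhere in this diff is `mbedtls_ssl_conf_alpn_protocols()`. The loop relies on that earlier length check, so a reader should be able to search from this comment straight to the function that performs it. While the neighbouring line is being edited, I would change the comment line to `* mbedtls_ssl_conf_alpn_protocols() checked that the length of`. The loop body continues outside the hunk.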
@@ -2534,10 +2534,11 @@ void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf,
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
 #if defined(MBEDTLS_SSL_ALPN)
-int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos)
+int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf,
+ const char *const *protos)
 {
 size_t cur_len, tot_len;
- const char **p;
+ const char *const *p;
 /*
 * RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings
@@ -5111,7 +5112,7 @@ static int ssl_context_load(mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_ALPN)
 {
 uint8_t alpn_len;
- const char **cur;
+ const char *const *cur;
 if ((size_t) (end - p) < 1) {
 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
@@ -8547,7 +8548,7 @@ int mbedtls_ssl_parse_alpn_ext(mbedtls_ssl_context *ssl,
 }
 /* Use our order of preference */
- for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
+ for (const char *const *alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
 size_t const alpn_len = strlen(*alpn);
 p = protocol_name_list;
 while (p < protocol_name_list_end) {
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index df7dfbfa61..ec778f9ed8 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -869,7 +869,7 @@ static int ssl_parse_alpn_ext(mbedtls_ssl_context *ssl,
 const unsigned char *buf, size_t len)
 {
 size_t list_len, name_len;
- const char **p;
+ const char *const *p;
 /* If we didn't send it, the server shouldn't send it */
 if (ssl->conf->alpn_list == NULL) {
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 9386801512..b7b075cc97 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
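Review bot: In library/ssl_tls12_client.c (ssl_parse_alpn_ext), the list cursor is still a function-scope variable named `p`, which is inconsistent with the rest of this change. The three `for` loops changed in ssl_client.c, ssl_tls.c and ssl_tls13_client.c declare their cursor in the loop header as `cur` or `alpn`, and ssl_context_load in ssl_tls.c uses `p` for the byte-buffer cursor (`end - p`). Since the declaration is being rewritten anyway, I would drop `const char *const *p;` and declare the cursor where it is used, e.g. `for (const char *const *alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++)`. The loop itself is outside the hunk, so this assumes it is a plain walk of `ssl->conf->alpn_list` like the others.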
@@ -158,7 +158,7 @@ static int ssl_tls13_parse_alpn_ext(mbedtls_ssl_context *ssl,
 /* Check that the server chosen protocol was in our list and save it */
 MBEDTLS_SSL_CHK_BUF_READ_PTR(p, protocol_name_list_end, protocol_name_len);
- for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
+ for (const char *const *alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) {
 if (protocol_name_len == strlen(*alpn) &&
 memcmp(p, *alpn, protocol_name_len) == 0) {
 ssl->alpn_chosen = *alpn;