Select the first protocol from the next protocol list of SSLConfig if If we didn't find a protocol.

net/socket/ssl_client_socket_openssl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // OpenSSL binding for SSLClientSocket. The class layout and general principle
 // of operation is derived from SSLClientSocketNSS.
 
 #include "net/socket/ssl_client_socket_openssl.h"
 
 #include <openssl/ssl.h>
@@ skipping 24 matching lines @@
                            " jump to state " << s; \
                            next_handshake_state_ = s; } while (0)
 #else
 #define GotoState(s) next_handshake_state_ = s
 #endif
 
 const size_t kMaxRecvBufferSize = 4096;
 const int kSessionCacheTimeoutSeconds = 60 * 60;
 const size_t kSessionCacheMaxEntires = 1024;
 
+// If a client doesn't have a list of protocols that it supports, but
+// the server supports NPN, choosing "http/1.1" is the best answer.
+const char kDefaultSupportedNPNProtocol[] = "http/1.1";
+
 // This method doesn't seemed to have made it into the OpenSSL headers.
 unsigned long SSL_CIPHER_get_id(const SSL_CIPHER* cipher) { return cipher->id; }
 
 // Used for encoding the |connection_status| field of an SSLInfo object.
 int EncodeSSLConnectionStatus(int cipher_suite,
                               int compression,
                               int version) {
   return ((cipher_suite & SSL_CONNECTION_CIPHERSUITE_MASK) <<
           SSL_CONNECTION_CIPHERSUITE_SHIFT) |
          ((compression & SSL_CONNECTION_COMPRESSION_MASK) <<
@@ skipping 791 matching lines @@
 // SelectNextProtoCallback is called by OpenSSL during the handshake. If the
 // server supports NPN, selects a protocol from the list that the server
 // provides. According to third_party/openssl/openssl/ssl/ssl_lib.c, the
 // callback can assume that |in| is syntactically valid.
 int SSLClientSocketOpenSSL::SelectNextProtoCallback(unsigned char** out,
                                                     unsigned char* outlen,
                                                     const unsigned char* in,
                                                     unsigned int inlen) {
 #if defined(OPENSSL_NPN_NEGOTIATED)
   if (ssl_config_.next_protos.empty()) {
-    *out = reinterpret_cast<uint8*>(const_cast<char*>("http/1.1"));
-    *outlen = 8;
-    npn_status_ = SSLClientSocket::kNextProtoUnsupported;
+    *out = reinterpret_cast<uint8*>(
+        const_cast<char*>(kDefaultSupportedNPNProtocol));

[wtc, 2012/06/13 18:01:52]

agl: it seems that these const_casts when assigning values
to |*out| could be avoided if the |out| parameter were
declared as
    const unsigned char** out,

Although OpenSSL passes |&selected| to the callback, where
|selected| is declared as:
    unsigned char *selected;
OpenSSL uses |selected| as a const pointer.

But I guess it is too late to change the prototype of
next_proto_select_cb now.

+    *outlen = arraysize(kDefaultSupportedNPNProtocol) - 1;
+    npn_status_ = kNextProtoUnsupported;
     return SSL_TLSEXT_ERR_OK;
   }
 
   // Assume there's no overlap between our protocols and the server's list.
-  int status = OPENSSL_NPN_NO_OVERLAP;
-  *out = const_cast<unsigned char*>(in) + 1;
-  *outlen = in[0];
+  npn_status_ = kNextProtoNoOverlap;
 
   // For each protocol in server preference order, see if we support it.
   for (unsigned int i = 0; i < inlen; i += in[i] + 1) {
     for (std::vector<std::string>::const_iterator
              j = ssl_config_.next_protos.begin();
          j != ssl_config_.next_protos.end(); ++j) {
+      // We found a match.

[wtc, 2012/06/13 18:01:52]

Nit: it's better to move this comment into the if statement.
(That's the original location of this comment.)

[Johnny(Jianning) Ding, 2012/06/14 04:50:13]

Done. It was to address Ryan's comment, it said "this comment appears
after/inside the condition (as
opposed to say, 885/886, which happen outside/before)"

       if (in[i] == j->size() &&
           memcmp(&in[i + 1], j->data(), in[i]) == 0) {
-        // We find a match.
         *out = const_cast<unsigned char*>(in) + i + 1;
         *outlen = in[i];
-        status = OPENSSL_NPN_NEGOTIATED;
+        npn_status_ = kNextProtoNegotiated;
         break;
       }
     }
-    if (status == OPENSSL_NPN_NEGOTIATED)
+    if (npn_status_ == kNextProtoNegotiated)
       break;
   }
 
+  // If we didn't find a protocol, we select the first one from our list.
+  if (npn_status_ == kNextProtoNoOverlap) {
+    *out = reinterpret_cast<uint8*>(const_cast<char*>(
+        ssl_config_.next_protos[0].data()));
+    *outlen = ssl_config_.next_protos[0].size();
+  }
+
   npn_proto_.assign(reinterpret_cast<const char*>(*out), *outlen);
   server_protos_.assign(reinterpret_cast<const char*>(in), inlen);
-  switch (status) {
-    case OPENSSL_NPN_NEGOTIATED:
-      npn_status_ = SSLClientSocket::kNextProtoNegotiated;
-      break;
-    case OPENSSL_NPN_NO_OVERLAP:
-      npn_status_ = SSLClientSocket::kNextProtoNoOverlap;
-      break;
-    default:
-      NOTREACHED() << status;
-      break;
-  }
   DVLOG(2) << "next protocol: '" << npn_proto_ << "' status: " << npn_status_;
 #endif
   return SSL_TLSEXT_ERR_OK;
 }
 
 int SSLClientSocketOpenSSL::DoVerifyCert(int result) {
   DCHECK(server_cert_);
   GotoState(STATE_VERIFY_CERT_COMPLETE);
 
   CertStatus cert_status;
@@ skipping 407 matching lines @@
     net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv,
                                   user_write_buf_->data());
     return rv;
   }
 
   int err = SSL_get_error(ssl_, rv);
   return MapOpenSSLError(err, err_tracer);
 }
 
 }  // namespace net