From e9ff50fcb042a1f6322caad86faeaa8dc906934e Mon Sep 17 00:00:00 2001
From: Peter Wu <pwu@cloudflare.com>
Date: Thu, 21 Sep 2017 14:27:53 +0100
Subject: [PATCH] tris: process ALPN in EE received by client

---
 13.go | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/13.go b/13.go
index cc30624..64e0132 100644
--- a/13.go
+++ b/13.go
@@ -744,6 +744,15 @@ func (hs *clientHandshakeState) processCertsFromServer13(certMsg *certificateMsg
 	return hs.processCertsFromServer(certs)
 }
 
+func (hs *clientHandshakeState) processEncryptedExtensions(ee *encryptedExtensionsMsg) error {
+	c := hs.c
+	if ee.alpnProtocol != "" {
+		c.clientProtocol = ee.alpnProtocol
+		c.clientProtocolFallback = false
+	}
+	return nil
+}
+
 func (hs *clientHandshakeState) verifyPeerCertificate(certVerify *certificateVerifyMsg) error {
 	pub := hs.c.peerCertificates[0].PublicKey
 	_, sigType, hashFunc, err := pickSignatureAlgorithm(pub, []SignatureScheme{certVerify.signatureAlgorithm}, hs.hello.supportedSignatureAlgorithms, hs.c.vers)
@@ -805,8 +814,10 @@ func (hs *clientHandshakeState) doTLS13Handshake() error {
 		c.sendAlert(alertUnexpectedMessage)
 		return unexpectedMessageError(encryptedExtensions, msg)
 	}
+	if err := hs.processEncryptedExtensions(encryptedExtensions); err != nil {
+		return err
+	}
 	hs.keySchedule.write(encryptedExtensions.marshal())
-	// TODO process encryptedExtensions
 
 	// PSKs are not supported, so receive Certificate message.
 	msg, err = c.readHandshake()