From 32b11385ddced7eafe68c60eebbb2c81979ce35f Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Sat, 16 Oct 2021 00:24:07 +0100
Subject: [PATCH] Fix ALPN/OpenSSL.  Bug 2815

Broken-by: c4b4086235
---
 doc/doc-txt/ChangeLog | 3 +++
 src/src/tls-openssl.c | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 1a29ae50b..811d12362 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -25,6 +25,9 @@ JH/05 Bug 2819: speed up command-line messages being read in.  Previously a
       time check was being done for every character; replace that with one
       per buffer.
 
+JH/06 Bug 2815: Fix ALPN sent by server under OpenSSL.  Previously the string
+      sent was prefixed with a length byte.
+
 
 Exim version 4.95
 -----------------
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index fddad9edc..590d271f7 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -2182,7 +2182,7 @@ if (  inlen > 1		/* at least one name */
   for (uschar * name; name = string_nextinlist(&list, &sep, NULL, 0); )
     if (Ustrncmp(in+1, name, in[0]) == 0)
       {
-      *out = in;			/* we checked for exactly one, so can just point to it */
+      *out = in+1;			/* we checked for exactly one, so can just point to it */
       *outlen = inlen;
       return SSL_TLSEXT_ERR_OK;		/* use ALPN */
       }
-- 
2.30.2