From 1439dfb576a77b25845905d8e933aac497a26610 Mon Sep 17 00:00:00 2001 From: Fabian Frank Date: Mon, 19 May 2014 02:12:11 -0700 Subject: [PATCH] polarssl: add ALPN support PolarSSL added ALPN support in their 1.3.6 release. See: https://polarssl.org/tech-updates/releases/polarssl-1.3.6-released --- lib/vtls/polarssl.c | 48 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 46 insertions(+), 2 deletions(-) diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c index 705805ac7..f9484866a 100644 --- a/lib/vtls/polarssl.c +++ b/lib/vtls/polarssl.c @@ -119,6 +119,14 @@ static void polarssl_debug(void *context, int level, const char *line) #else #endif +/* ALPN for http2? */ +#ifdef USE_NGHTTP2 +# undef HAS_ALPN +# ifdef POLARSSL_SSL_ALPN +# define HAS_ALPN +# endif +#endif + static Curl_recv polarssl_recv; static Curl_send polarssl_send; @@ -139,11 +147,9 @@ polarssl_connect_step1(struct connectdata *conn, #endif void *old_session = NULL; size_t old_session_size = 0; - char errorbuf[128]; memset(errorbuf, 0, sizeof(errorbuf)); - /* PolarSSL only supports SSLv3 and TLSv1 */ if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) { failf(data, "PolarSSL does not support SSLv2"); @@ -299,6 +305,19 @@ polarssl_connect_step1(struct connectdata *conn, "server name indication (SNI) TLS extension\n"); } +#ifdef HAS_ALPN + if(data->set.httpversion == CURL_HTTP_VERSION_2_0) { + if(data->set.ssl_enable_alpn) { + static const char* protocols[] = { + NGHTTP2_PROTO_VERSION_ID, ALPN_HTTP_1_1, NULL + }; + ssl_set_alpn_protocols(&connssl->ssl, protocols); + infof(data, "ALPN, offering %s, %s\n", protocols[0], + protocols[1]); + } + } +#endif + #ifdef POLARSSL_DEBUG ssl_set_dbg(&connssl->ssl, polarssl_debug, data); #endif @@ -317,6 +336,10 @@ polarssl_connect_step2(struct connectdata *conn, struct ssl_connect_data* connssl = &conn->ssl[sockindex]; char buffer[1024]; +#ifdef HAS_ALPN + const char* next_protocol; +#endif + char errorbuf[128]; memset(errorbuf, 0, sizeof(errorbuf)); 
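Review bot: In the `@@ -119,6 +127,14 @@` hunk, `# undef HAS_ALPN` sits inside `#ifdef USE_NGHTTP2`, so the macro is only reset in builds that have nghttp2. If HAS_ALPN were ever defined from outside (a build flag or an earlier header) in a build without nghttp2, the ALPN blocks added further down would be compiled in and reference `NGHTTP2_PROTO_VERSION_ID`, which is presumably not declared there. Moving `#undef HAS_ALPN` above `#ifdef USE_NGHTTP2` makes the guard hold in every configuration. The comment could also state the rule, e.g. `/* HAS_ALPN: defined only when both nghttp2 and PolarSSL's ALPN support are available */`.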
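Review bot: In the `@@ -299,6 +305,19 @@` hunk, the result of `ssl_set_alpn_protocols(&connssl->ssl, protocols)` is discarded and the "ALPN, offering" line is logged unconditionally. As far as I know the PolarSSL 1.3.x setter returns an int status, so a failed setup would be logged as an offer that was never made and the handshake would continue without the extension. Checking it keeps the log and the negotiated state honest: `if(ssl_set_alpn_protocols(&connssl->ssl, protocols)) { failf(data, "Failed setting ALPN protocols"); return CURLE_SSL_CONNECT_ERROR; }`. polarssl_connect_step1 starts and ends outside the hunk, so confirm this return style matches the other error paths there.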
@@ -384,6 +407,27 @@ polarssl_connect_step2(struct connectdata *conn, infof(data, "Dumping cert info:\n%s\n", buffer); } +#ifdef HAS_ALPN + if(data->set.ssl_enable_alpn) { + next_protocol = ssl_get_alpn_protocol(&connssl->ssl); + + if(next_protocol != NULL) { + infof(data, "ALPN, server accepted to use %s\n", next_protocol); + + if(strncmp(next_protocol, NGHTTP2_PROTO_VERSION_ID, + NGHTTP2_PROTO_VERSION_ID_LEN)) { + conn->negnpn = NPN_HTTP2; + } + else if(strncmp(next_protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH)) { + conn->negnpn = NPN_HTTP1_1; + } + } + else { + infof(data, "ALPN, server did not agree to a protocol\n"); + } + } +#endif + connssl->connecting_state = ssl_connect_3; infof(data, "SSL connected\n");
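Review bot: Both `strncmp()` tests in the ALPN result block are inverted: `strncmp` returns 0 on a match, so `if(strncmp(next_protocol, NGHTTP2_PROTO_VERSION_ID, NGHTTP2_PROTO_VERSION_ID_LEN))` is true exactly when the server did not pick HTTP/2. As written, a server that selects http/1.1 gets `conn->negnpn = NPN_HTTP2` and one that selects HTTP/2 gets `NPN_HTTP1_1`, so the client records a protocol the peer did not negotiate. Both conditions need negating: `if(!strncmp(next_protocol, NGHTTP2_PROTO_VERSION_ID, NGHTTP2_PROTO_VERSION_ID_LEN))` and `else if(!strncmp(next_protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH))`. Separately, this block is gated only on `ssl_enable_alpn`, while the offer in step1 also requires `CURL_HTTP_VERSION_2_0`, so "server did not agree to a protocol" appears to be logged even when nothing was offered. polarssl_connect_step2 starts and ends outside the hunk.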