moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-11-16 06:25:03 -05:00
Code Issues Releases Wiki Activity

nss: make it possible to enable ALPN/NPN without HTTP2

Browse Source
This commit is contained in:
Alessandro Ghedini 2015-02-16 16:41:57 +01:00 committed by Daniel Stenberg
parent 870a67e01f
commit 42bc45be8e
1 changed files with 31 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
lib/vtls/nss.c
View File

@ -683,14 +683,15 @@ static SECStatus nss_auth_cert_hook(void *arg, PRFileDesc *fd, PRBool checksig,
*/ */
static void HandshakeCallback(PRFileDesc *sock, void *arg) static void HandshakeCallback(PRFileDesc *sock, void *arg)
{ {
#ifdef USE_NGHTTP2
struct connectdata *conn = (struct connectdata*) arg; struct connectdata *conn = (struct connectdata*) arg;
unsigned int buflenmax = 50; unsigned int buflenmax = 50;
unsigned char buf[50]; unsigned char buf[50];
unsigned int buflen; unsigned int buflen;
SSLNextProtoState state; SSLNextProtoState state;
#ifdef USE_NGHTTP2
struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET]; struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
#endif
if(!conn->data->set.ssl_enable_npn && !conn->data->set.ssl_enable_alpn) { if(!conn->data->set.ssl_enable_npn && !conn->data->set.ssl_enable_alpn) {
return; return;
@ -701,8 +702,7 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg)
switch(state) { switch(state) {
case SSL_NEXT_PROTO_NO_SUPPORT: case SSL_NEXT_PROTO_NO_SUPPORT:
case SSL_NEXT_PROTO_NO_OVERLAP: case SSL_NEXT_PROTO_NO_OVERLAP:
if(connssl->asked_for_h2) infof(conn->data, "ALPN/NPN, server did not agree to a protocol\n");
infof(conn->data, "TLS, neither ALPN nor NPN succeeded\n");
return; return;
#ifdef SSL_ENABLE_ALPN #ifdef SSL_ENABLE_ALPN
case SSL_NEXT_PROTO_SELECTED: case SSL_NEXT_PROTO_SELECTED:
@ -714,19 +714,18 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg)
break; break;
} }
#ifdef USE_NGHTTP2
if(buflen == NGHTTP2_PROTO_VERSION_ID_LEN && if(buflen == NGHTTP2_PROTO_VERSION_ID_LEN &&
!memcmp(NGHTTP2_PROTO_VERSION_ID, buf, NGHTTP2_PROTO_VERSION_ID_LEN)) { !memcmp(NGHTTP2_PROTO_VERSION_ID, buf, NGHTTP2_PROTO_VERSION_ID_LEN)) {
conn->negnpn = NPN_HTTP2; conn->negnpn = NPN_HTTP2;
} }
else if(buflen == ALPN_HTTP_1_1_LENGTH && else
!memcmp(ALPN_HTTP_1_1, buf, ALPN_HTTP_1_1_LENGTH)) { #endif
if(buflen == ALPN_HTTP_1_1_LENGTH &&
!memcmp(ALPN_HTTP_1_1, buf, ALPN_HTTP_1_1_LENGTH)) {
conn->negnpn = NPN_HTTP1_1; conn->negnpn = NPN_HTTP1_1;
} }
} }
#else
(void)sock;
(void)arg;
#endif
} }
static void display_cert_info(struct SessionHandle *data, static void display_cert_info(struct SessionHandle *data,
@ -1456,16 +1455,6 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
SSL_LIBRARY_VERSION_TLS_1_0 /* max */ SSL_LIBRARY_VERSION_TLS_1_0 /* max */
}; };
#ifdef USE_NGHTTP2
#if defined(SSL_ENABLE_NPN) || defined(SSL_ENABLE_ALPN)
unsigned int alpn_protos_len = NGHTTP2_PROTO_VERSION_ID_LEN +
ALPN_HTTP_1_1_LENGTH + 2;
unsigned char alpn_protos[NGHTTP2_PROTO_VERSION_ID_LEN + ALPN_HTTP_1_1_LENGTH
+ 2];
int cur = 0;
#endif
#endif
connssl->data = data; connssl->data = data;
/* list of all NSS objects we need to destroy in Curl_nss_close() */ /* list of all NSS objects we need to destroy in Curl_nss_close() */
@ -1653,43 +1642,40 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
} }
#endif #endif
#ifdef USE_NGHTTP2
if(data->set.httpversion == CURL_HTTP_VERSION_2_0) {
#ifdef SSL_ENABLE_NPN #ifdef SSL_ENABLE_NPN
if(data->set.ssl_enable_npn) { if(data->set.ssl_enable_npn) {
if(SSL_OptionSet(connssl->handle, SSL_ENABLE_NPN, PR_TRUE) != SECSuccess) if(SSL_OptionSet(connssl->handle, SSL_ENABLE_NPN, PR_TRUE) != SECSuccess)
goto error; goto error;
} }
#endif #endif
#ifdef SSL_ENABLE_ALPN #ifdef SSL_ENABLE_ALPN
if(data->set.ssl_enable_alpn) { if(data->set.ssl_enable_alpn) {
if(SSL_OptionSet(connssl->handle, SSL_ENABLE_ALPN, PR_TRUE) if(SSL_OptionSet(connssl->handle, SSL_ENABLE_ALPN, PR_TRUE)
!= SECSuccess) != SECSuccess)
goto error; goto error;
} }
#endif #endif
#if defined(SSL_ENABLE_NPN) || defined(SSL_ENABLE_ALPN) #if defined(SSL_ENABLE_NPN) || defined(SSL_ENABLE_ALPN)
if(data->set.ssl_enable_npn || data->set.ssl_enable_alpn) { if(data->set.ssl_enable_npn || data->set.ssl_enable_alpn) {
alpn_protos[cur] = NGHTTP2_PROTO_VERSION_ID_LEN; int cur = 0;
cur++; unsigned char protocols[128];
memcpy(&alpn_protos[cur], NGHTTP2_PROTO_VERSION_ID,
#ifdef USE_NGHTTP2
if(data->set.httpversion == CURL_HTTP_VERSION_2_0) {
protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN;
memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID,
NGHTTP2_PROTO_VERSION_ID_LEN); NGHTTP2_PROTO_VERSION_ID_LEN);
cur += NGHTTP2_PROTO_VERSION_ID_LEN; cur += NGHTTP2_PROTO_VERSION_ID_LEN;
alpn_protos[cur] = ALPN_HTTP_1_1_LENGTH;
cur++;
memcpy(&alpn_protos[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
if(SSL_SetNextProtoNego(connssl->handle, alpn_protos, alpn_protos_len)
!= SECSuccess)
goto error;
connssl->asked_for_h2 = TRUE;
}
else {
infof(data, "SSL, can't negotiate HTTP/2.0 with neither NPN nor ALPN\n");
} }
#endif #endif
protocols[cur++] = ALPN_HTTP_1_1_LENGTH;
memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
cur += ALPN_HTTP_1_1_LENGTH;
if(SSL_SetNextProtoNego(connssl->handle, protocols, cur) != SECSuccess)
goto error;
} }
#endif #endif