1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-23 08:38:49 -05:00

tls: add USE_HTTP2 define

This abstracts across the two HTTP/2 backends: nghttp2 and Hyper.

Add our own define for the "h2" ALPN protocol, so TLS backends can use
it without depending on a specific HTTP backend.

Closes #6959
This commit is contained in:
Jacob Hoffman-Andrews 2021-04-24 18:05:15 -07:00 committed by Daniel Stenberg
parent 5c932f8fe9
commit a3268eca79
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
9 changed files with 55 additions and 56 deletions

View File

@ -801,6 +801,10 @@ int getpwuid_r(uid_t uid, struct passwd *pwd, char *buf,
#define UNITTEST static #define UNITTEST static
#endif #endif
#if defined(USE_NGHTTP2) || defined(USE_HYPER)
#define USE_HTTP2
#endif
#if defined(USE_NGTCP2) || defined(USE_QUICHE) #if defined(USE_NGTCP2) || defined(USE_QUICHE)
#define ENABLE_QUIC #define ENABLE_QUIC
#endif #endif

View File

@ -385,14 +385,14 @@ static CURLcode bearssl_connect_step1(struct Curl_easy *data,
* protocols array in `struct ssl_backend_data`. * protocols array in `struct ssl_backend_data`.
*/ */
#ifdef USE_NGHTTP2 #ifdef USE_HTTP2
if(data->state.httpwant >= CURL_HTTP_VERSION_2 if(data->state.httpwant >= CURL_HTTP_VERSION_2
#ifndef CURL_DISABLE_PROXY #ifndef CURL_DISABLE_PROXY
&& (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy) && (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
#endif #endif
) { ) {
backend->protocols[cur++] = NGHTTP2_PROTO_VERSION_ID; backend->protocols[cur++] = ALPN_H2;
infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID); infof(data, "ALPN, offering %s\n", ALPN_H2);
} }
#endif #endif
@ -540,8 +540,8 @@ static CURLcode bearssl_connect_step3(struct Curl_easy *data,
if(protocol) { if(protocol) {
infof(data, "ALPN, server accepted to use %s\n", protocol); infof(data, "ALPN, server accepted to use %s\n", protocol);
#ifdef USE_NGHTTP2 #ifdef USE_HTTP2
if(!strcmp(protocol, NGHTTP2_PROTO_VERSION_ID)) if(!strcmp(protocol, ALPN_H2))
conn->negnpn = CURL_HTTP_VERSION_2; conn->negnpn = CURL_HTTP_VERSION_2;
else else
#endif #endif

View File

@ -611,16 +611,16 @@ gtls_connect_step1(struct Curl_easy *data,
int cur = 0; int cur = 0;
gnutls_datum_t protocols[2]; gnutls_datum_t protocols[2];
#ifdef USE_NGHTTP2 #ifdef USE_HTTP2
if(data->state.httpwant >= CURL_HTTP_VERSION_2 if(data->state.httpwant >= CURL_HTTP_VERSION_2
#ifndef CURL_DISABLE_PROXY #ifndef CURL_DISABLE_PROXY
&& (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy) && (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
#endif #endif
) { ) {
protocols[cur].data = (unsigned char *)NGHTTP2_PROTO_VERSION_ID; protocols[cur].data = (unsigned char *)ALPN_H2;
protocols[cur].size = NGHTTP2_PROTO_VERSION_ID_LEN; protocols[cur].size = ALPN_H2_LENGTH;
cur++; cur++;
infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID); infof(data, "ALPN, offering %.*s\n", ALPN_H2_LENGTH, ALPN_H2);
} }
#endif #endif
@ -1242,10 +1242,10 @@ gtls_connect_step3(struct Curl_easy *data,
infof(data, "ALPN, server accepted to use %.*s\n", proto.size, infof(data, "ALPN, server accepted to use %.*s\n", proto.size,
proto.data); proto.data);
#ifdef USE_NGHTTP2 #ifdef USE_HTTP2
if(proto.size == NGHTTP2_PROTO_VERSION_ID_LEN && if(proto.size == ALPN_H2_LENGTH &&
!memcmp(NGHTTP2_PROTO_VERSION_ID, proto.data, !memcmp(ALPN_H2, proto.data,
NGHTTP2_PROTO_VERSION_ID_LEN)) { ALPN_H2_LENGTH)) {
conn->negnpn = CURL_HTTP_VERSION_2; conn->negnpn = CURL_HTTP_VERSION_2;
} }
else else

View File

@ -870,8 +870,8 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg)
} }
#ifdef USE_NGHTTP2 #ifdef USE_NGHTTP2
if(buflen == NGHTTP2_PROTO_VERSION_ID_LEN && if(buflen == ALPN_H2_LENGTH &&
!memcmp(NGHTTP2_PROTO_VERSION_ID, buf, NGHTTP2_PROTO_VERSION_ID_LEN)) { !memcmp(ALPN_H2, buf, ALPN_H2_LENGTH)) {
conn->negnpn = CURL_HTTP_VERSION_2; conn->negnpn = CURL_HTTP_VERSION_2;
} }
else else
@ -2103,16 +2103,15 @@ static CURLcode nss_setup_connect(struct Curl_easy *data,
int cur = 0; int cur = 0;
unsigned char protocols[128]; unsigned char protocols[128];
#ifdef USE_NGHTTP2 #ifdef USE_HTTP2
if(data->state.httpwant >= CURL_HTTP_VERSION_2 if(data->state.httpwant >= CURL_HTTP_VERSION_2
#ifndef CURL_DISABLE_PROXY #ifndef CURL_DISABLE_PROXY
&& (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy) && (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
#endif #endif
) { ) {
protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN; protocols[cur++] = ALPN_H2_LENGTH;
memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID, memcpy(&protocols[cur], ALPN_H2, ALPN_H2_LENGTH);
NGHTTP2_PROTO_VERSION_ID_LEN); cur += ALPN_H2_LENGTH;
cur += NGHTTP2_PROTO_VERSION_ID_LEN;
} }
#endif #endif
protocols[cur++] = ALPN_HTTP_1_1_LENGTH; protocols[cur++] = ALPN_HTTP_1_1_LENGTH;

View File

@ -2256,12 +2256,10 @@ select_next_proto_cb(SSL *ssl,
struct connectdata *conn = data->conn; struct connectdata *conn = data->conn;
(void)ssl; (void)ssl;
#ifdef USE_NGHTTP2 #ifdef USE_HTTP2
if(data->state.httpwant >= CURL_HTTP_VERSION_2 && if(data->state.httpwant >= CURL_HTTP_VERSION_2 &&
!select_next_protocol(out, outlen, in, inlen, NGHTTP2_PROTO_VERSION_ID, !select_next_protocol(out, outlen, in, inlen, ALPN_H2, ALPN_H2_LENGTH)) {
NGHTTP2_PROTO_VERSION_ID_LEN)) { infof(data, "NPN, negotiated HTTP2 (%s)\n", ALPN_H2);
infof(data, "NPN, negotiated HTTP2 (%s)\n",
NGHTTP2_PROTO_VERSION_ID);
conn->negnpn = CURL_HTTP_VERSION_2; conn->negnpn = CURL_HTTP_VERSION_2;
return SSL_TLSEXT_ERR_OK; return SSL_TLSEXT_ERR_OK;
} }
@ -2710,18 +2708,17 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
int cur = 0; int cur = 0;
unsigned char protocols[128]; unsigned char protocols[128];
#ifdef USE_NGHTTP2 #ifdef USE_HTTP2
if(data->state.httpwant >= CURL_HTTP_VERSION_2 if(data->state.httpwant >= CURL_HTTP_VERSION_2
#ifndef CURL_DISABLE_PROXY #ifndef CURL_DISABLE_PROXY
&& (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy) && (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
#endif #endif
) { ) {
protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN; protocols[cur++] = ALPN_H2_LENGTH;
memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID, memcpy(&protocols[cur], ALPN_H2, ALPN_H2_LENGTH);
NGHTTP2_PROTO_VERSION_ID_LEN); cur += ALPN_H2_LENGTH;
cur += NGHTTP2_PROTO_VERSION_ID_LEN; infof(data, "ALPN, offering %s\n", ALPN_H2);
infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
} }
#endif #endif
@ -3345,9 +3342,9 @@ static CURLcode ossl_connect_step2(struct Curl_easy *data,
if(len) { if(len) {
infof(data, "ALPN, server accepted to use %.*s\n", len, neg_protocol); infof(data, "ALPN, server accepted to use %.*s\n", len, neg_protocol);
#ifdef USE_NGHTTP2 #ifdef USE_HTTP2
if(len == NGHTTP2_PROTO_VERSION_ID_LEN && if(len == ALPN_H2_LENGTH &&
!memcmp(NGHTTP2_PROTO_VERSION_ID, neg_protocol, len)) { !memcmp(ALPN_H2, neg_protocol, len)) {
conn->negnpn = CURL_HTTP_VERSION_2; conn->negnpn = CURL_HTTP_VERSION_2;
} }
else else

View File

@ -877,11 +877,11 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn,
list_start_index = cur; list_start_index = cur;
#ifdef USE_NGHTTP2 #ifdef USE_HTTP2
if(data->state.httpwant >= CURL_HTTP_VERSION_2) { if(data->state.httpwant >= CURL_HTTP_VERSION_2) {
memcpy(&alpn_buffer[cur], NGHTTP2_PROTO_ALPN, NGHTTP2_PROTO_ALPN_LEN); memcpy(&alpn_buffer[cur], ALPN_H2, ALPN_H2_LENGTH);
cur += NGHTTP2_PROTO_ALPN_LEN; cur += ALPN_H2_LENGTH;
infof(data, "schannel: ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID); infof(data, "schannel: ALPN, offering %s\n", ALPN_H2);
} }
#endif #endif
@ -1392,10 +1392,9 @@ schannel_connect_step3(struct Curl_easy *data, struct connectdata *conn,
infof(data, "schannel: ALPN, server accepted to use %.*s\n", infof(data, "schannel: ALPN, server accepted to use %.*s\n",
alpn_result.ProtocolIdSize, alpn_result.ProtocolId); alpn_result.ProtocolIdSize, alpn_result.ProtocolId);
#ifdef USE_NGHTTP2 #ifdef USE_HTTP2
if(alpn_result.ProtocolIdSize == NGHTTP2_PROTO_VERSION_ID_LEN && if(alpn_result.ProtocolIdSize == ALPN_H2_LENGTH &&
!memcmp(NGHTTP2_PROTO_VERSION_ID, alpn_result.ProtocolId, !memcmp(ALPN_H2, alpn_result.ProtocolId, ALPN_H2_LENGTH)) {
NGHTTP2_PROTO_VERSION_ID_LEN)) {
conn->negnpn = CURL_HTTP_VERSION_2; conn->negnpn = CURL_HTTP_VERSION_2;
} }
else else

View File

@ -1829,14 +1829,14 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data,
CFMutableArrayRef alpnArr = CFArrayCreateMutable(NULL, 0, CFMutableArrayRef alpnArr = CFArrayCreateMutable(NULL, 0,
&kCFTypeArrayCallBacks); &kCFTypeArrayCallBacks);
#ifdef USE_NGHTTP2 #ifdef USE_HTTP2
if(data->state.httpwant >= CURL_HTTP_VERSION_2 if(data->state.httpwant >= CURL_HTTP_VERSION_2
#ifndef CURL_DISABLE_PROXY #ifndef CURL_DISABLE_PROXY
&& (!isproxy || !conn->bits.tunnel_proxy) && (!isproxy || !conn->bits.tunnel_proxy)
#endif #endif
) { ) {
CFArrayAppendValue(alpnArr, CFSTR(NGHTTP2_PROTO_VERSION_ID)); CFArrayAppendValue(alpnArr, CFSTR(ALPN_H2));
infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID); infof(data, "ALPN, offering %s\n", ALPN_H2);
} }
#endif #endif
@ -2788,10 +2788,9 @@ sectransp_connect_step2(struct Curl_easy *data, struct connectdata *conn,
if(err == noErr && alpnArr && CFArrayGetCount(alpnArr) >= 1) if(err == noErr && alpnArr && CFArrayGetCount(alpnArr) >= 1)
chosenProtocol = CFArrayGetValueAtIndex(alpnArr, 0); chosenProtocol = CFArrayGetValueAtIndex(alpnArr, 0);
#ifdef USE_NGHTTP2 #ifdef USE_HTTP2
if(chosenProtocol && if(chosenProtocol &&
!CFStringCompare(chosenProtocol, CFSTR(NGHTTP2_PROTO_VERSION_ID), !CFStringCompare(chosenProtocol, CFSTR(ALPN_H2), 0)) {
0)) {
conn->negnpn = CURL_HTTP_VERSION_2; conn->negnpn = CURL_HTTP_VERSION_2;
} }
else else

View File

@ -126,9 +126,11 @@ bool Curl_ssl_tls13_ciphersuites(void);
#define CURL_SHA256_DIGEST_LENGTH 32 /* fixed size */ #define CURL_SHA256_DIGEST_LENGTH 32 /* fixed size */
#endif #endif
/* see https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04 */ /* see https://www.iana.org/assignments/tls-extensiontype-values/ */
#define ALPN_HTTP_1_1_LENGTH 8 #define ALPN_HTTP_1_1_LENGTH 8
#define ALPN_HTTP_1_1 "http/1.1" #define ALPN_HTTP_1_1 "http/1.1"
#define ALPN_H2_LENGTH 2
#define ALPN_H2 "h2"
/* set of helper macros for the backends to access the correct fields. For the /* set of helper macros for the backends to access the correct fields. For the
proxy or for the remote host - to properly support HTTPS proxy */ proxy or for the remote host - to properly support HTTPS proxy */

View File

@ -451,10 +451,10 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn,
/* wolfSSL's ALPN protocol name list format is a comma separated string of /* wolfSSL's ALPN protocol name list format is a comma separated string of
protocols in descending order of preference, eg: "h2,http/1.1" */ protocols in descending order of preference, eg: "h2,http/1.1" */
#ifdef USE_NGHTTP2 #ifdef USE_HTTP2
if(data->state.httpwant >= CURL_HTTP_VERSION_2) { if(data->state.httpwant >= CURL_HTTP_VERSION_2) {
strcpy(protocols + strlen(protocols), NGHTTP2_PROTO_VERSION_ID ","); strcpy(protocols + strlen(protocols), ALPN_H2 ",");
infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID); infof(data, "ALPN, offering %s\n", ALPN_H2);
} }
#endif #endif
@ -691,11 +691,10 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn,
if(protocol_len == ALPN_HTTP_1_1_LENGTH && if(protocol_len == ALPN_HTTP_1_1_LENGTH &&
!memcmp(protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH)) !memcmp(protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH))
conn->negnpn = CURL_HTTP_VERSION_1_1; conn->negnpn = CURL_HTTP_VERSION_1_1;
#ifdef USE_NGHTTP2 #ifdef USE_HTTP2
else if(data->state.httpwant >= CURL_HTTP_VERSION_2 && else if(data->state.httpwant >= CURL_HTTP_VERSION_2 &&
protocol_len == NGHTTP2_PROTO_VERSION_ID_LEN && protocol_len == ALPN_H2_LENGTH &&
!memcmp(protocol, NGHTTP2_PROTO_VERSION_ID, !memcmp(protocol, ALPN_H2, ALPN_H2_LENGTH))
NGHTTP2_PROTO_VERSION_ID_LEN))
conn->negnpn = CURL_HTTP_VERSION_2; conn->negnpn = CURL_HTTP_VERSION_2;
#endif #endif
else else