tls: add USE_HTTP2 define
This abstracts across the two HTTP/2 backends: nghttp2 and Hyper. Add our own define for the "h2" ALPN protocol, so TLS backends can use it without depending on a specific HTTP backend. Closes #6959
parent
5c932f8fe9
commit
a3268eca79
@ -801,6 +801,10 @@ int getpwuid_r(uid_t uid, struct passwd *pwd, char *buf,
|
|||||||
#define UNITTEST static
|
#define UNITTEST static
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(USE_NGHTTP2) || defined(USE_HYPER)
|
||||||
|
#define USE_HTTP2
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(USE_NGTCP2) || defined(USE_QUICHE)
|
#if defined(USE_NGTCP2) || defined(USE_QUICHE)
|
||||||
#define ENABLE_QUIC
|
#define ENABLE_QUIC
|
||||||
#endif
|
#endif
|
||||||
|
@ -385,14 +385,14 @@ static CURLcode bearssl_connect_step1(struct Curl_easy *data,
|
|||||||
* protocols array in `struct ssl_backend_data`.
|
* protocols array in `struct ssl_backend_data`.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifdef USE_NGHTTP2
|
#ifdef USE_HTTP2
|
||||||
if(data->state.httpwant >= CURL_HTTP_VERSION_2
|
if(data->state.httpwant >= CURL_HTTP_VERSION_2
|
||||||
#ifndef CURL_DISABLE_PROXY
|
#ifndef CURL_DISABLE_PROXY
|
||||||
&& (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
|
&& (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
|
||||||
#endif
|
#endif
|
||||||
) {
|
) {
|
||||||
backend->protocols[cur++] = NGHTTP2_PROTO_VERSION_ID;
|
backend->protocols[cur++] = ALPN_H2;
|
||||||
infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
|
infof(data, "ALPN, offering %s\n", ALPN_H2);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -540,8 +540,8 @@ static CURLcode bearssl_connect_step3(struct Curl_easy *data,
|
|||||||
if(protocol) {
|
if(protocol) {
|
||||||
infof(data, "ALPN, server accepted to use %s\n", protocol);
|
infof(data, "ALPN, server accepted to use %s\n", protocol);
|
||||||
|
|
||||||
#ifdef USE_NGHTTP2
|
#ifdef USE_HTTP2
|
||||||
if(!strcmp(protocol, NGHTTP2_PROTO_VERSION_ID))
|
if(!strcmp(protocol, ALPN_H2))
|
||||||
conn->negnpn = CURL_HTTP_VERSION_2;
|
conn->negnpn = CURL_HTTP_VERSION_2;
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
|
@ -611,16 +611,16 @@ gtls_connect_step1(struct Curl_easy *data,
|
|||||||
int cur = 0;
|
int cur = 0;
|
||||||
gnutls_datum_t protocols[2];
|
gnutls_datum_t protocols[2];
|
||||||
|
|
||||||
#ifdef USE_NGHTTP2
|
#ifdef USE_HTTP2
|
||||||
if(data->state.httpwant >= CURL_HTTP_VERSION_2
|
if(data->state.httpwant >= CURL_HTTP_VERSION_2
|
||||||
#ifndef CURL_DISABLE_PROXY
|
#ifndef CURL_DISABLE_PROXY
|
||||||
&& (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
|
&& (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
|
||||||
#endif
|
#endif
|
||||||
) {
|
) {
|
||||||
protocols[cur].data = (unsigned char *)NGHTTP2_PROTO_VERSION_ID;
|
protocols[cur].data = (unsigned char *)ALPN_H2;
|
||||||
protocols[cur].size = NGHTTP2_PROTO_VERSION_ID_LEN;
|
protocols[cur].size = ALPN_H2_LENGTH;
|
||||||
cur++;
|
cur++;
|
||||||
infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
|
infof(data, "ALPN, offering %.*s\n", ALPN_H2_LENGTH, ALPN_H2);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -1242,10 +1242,10 @@ gtls_connect_step3(struct Curl_easy *data,
|
|||||||
infof(data, "ALPN, server accepted to use %.*s\n", proto.size,
|
infof(data, "ALPN, server accepted to use %.*s\n", proto.size,
|
||||||
proto.data);
|
proto.data);
|
||||||
|
|
||||||
#ifdef USE_NGHTTP2
|
#ifdef USE_HTTP2
|
||||||
if(proto.size == NGHTTP2_PROTO_VERSION_ID_LEN &&
|
if(proto.size == ALPN_H2_LENGTH &&
|
||||||
!memcmp(NGHTTP2_PROTO_VERSION_ID, proto.data,
|
!memcmp(ALPN_H2, proto.data,
|
||||||
NGHTTP2_PROTO_VERSION_ID_LEN)) {
|
ALPN_H2_LENGTH)) {
|
||||||
conn->negnpn = CURL_HTTP_VERSION_2;
|
conn->negnpn = CURL_HTTP_VERSION_2;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
@ -870,8 +870,8 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg)
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef USE_NGHTTP2
|
#ifdef USE_NGHTTP2
|
||||||
if(buflen == NGHTTP2_PROTO_VERSION_ID_LEN &&
|
if(buflen == ALPN_H2_LENGTH &&
|
||||||
!memcmp(NGHTTP2_PROTO_VERSION_ID, buf, NGHTTP2_PROTO_VERSION_ID_LEN)) {
|
!memcmp(ALPN_H2, buf, ALPN_H2_LENGTH)) {
|
||||||
conn->negnpn = CURL_HTTP_VERSION_2;
|
conn->negnpn = CURL_HTTP_VERSION_2;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
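Review bot: The guard around the negotiated-protocol check in HandshakeCallback still reads `#ifdef USE_NGHTTP2`, although the comparison inside it now uses `ALPN_H2` and `ALPN_H2_LENGTH`, and nss_setup_connect in the following hunk offers h2 under `#ifdef USE_HTTP2`. In a build that defines USE_HYPER but not USE_NGHTTP2, the NSS backend would advertise h2 yet never reach `conn->negnpn = CURL_HTTP_VERSION_2` when the server selects it, so the connection state would disagree with what was negotiated on the wire. Change the guard to `#ifdef USE_HTTP2` so it matches the offer side and the other backends in this commit. HandshakeCallback begins and ends outside the hunk, so the behaviour of the trailing `else` branch should be confirmed there.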
@ -2103,16 +2103,15 @@ static CURLcode nss_setup_connect(struct Curl_easy *data,
|
|||||||
int cur = 0;
|
int cur = 0;
|
||||||
unsigned char protocols[128];
|
unsigned char protocols[128];
|
||||||
|
|
||||||
#ifdef USE_NGHTTP2
|
#ifdef USE_HTTP2
|
||||||
if(data->state.httpwant >= CURL_HTTP_VERSION_2
|
if(data->state.httpwant >= CURL_HTTP_VERSION_2
|
||||||
#ifndef CURL_DISABLE_PROXY
|
#ifndef CURL_DISABLE_PROXY
|
||||||
&& (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
|
&& (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
|
||||||
#endif
|
#endif
|
||||||
) {
|
) {
|
||||||
protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN;
|
protocols[cur++] = ALPN_H2_LENGTH;
|
||||||
memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID,
|
memcpy(&protocols[cur], ALPN_H2, ALPN_H2_LENGTH);
|
||||||
NGHTTP2_PROTO_VERSION_ID_LEN);
|
cur += ALPN_H2_LENGTH;
|
||||||
cur += NGHTTP2_PROTO_VERSION_ID_LEN;
|
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
protocols[cur++] = ALPN_HTTP_1_1_LENGTH;
|
protocols[cur++] = ALPN_HTTP_1_1_LENGTH;
|
||||||
|
@ -2256,12 +2256,10 @@ select_next_proto_cb(SSL *ssl,
|
|||||||
struct connectdata *conn = data->conn;
|
struct connectdata *conn = data->conn;
|
||||||
(void)ssl;
|
(void)ssl;
|
||||||
|
|
||||||
#ifdef USE_NGHTTP2
|
#ifdef USE_HTTP2
|
||||||
if(data->state.httpwant >= CURL_HTTP_VERSION_2 &&
|
if(data->state.httpwant >= CURL_HTTP_VERSION_2 &&
|
||||||
!select_next_protocol(out, outlen, in, inlen, NGHTTP2_PROTO_VERSION_ID,
|
!select_next_protocol(out, outlen, in, inlen, ALPN_H2, ALPN_H2_LENGTH)) {
|
||||||
NGHTTP2_PROTO_VERSION_ID_LEN)) {
|
infof(data, "NPN, negotiated HTTP2 (%s)\n", ALPN_H2);
|
||||||
infof(data, "NPN, negotiated HTTP2 (%s)\n",
|
|
||||||
NGHTTP2_PROTO_VERSION_ID);
|
|
||||||
conn->negnpn = CURL_HTTP_VERSION_2;
|
conn->negnpn = CURL_HTTP_VERSION_2;
|
||||||
return SSL_TLSEXT_ERR_OK;
|
return SSL_TLSEXT_ERR_OK;
|
||||||
}
|
}
|
||||||
@ -2710,18 +2708,17 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
|
|||||||
int cur = 0;
|
int cur = 0;
|
||||||
unsigned char protocols[128];
|
unsigned char protocols[128];
|
||||||
|
|
||||||
#ifdef USE_NGHTTP2
|
#ifdef USE_HTTP2
|
||||||
if(data->state.httpwant >= CURL_HTTP_VERSION_2
|
if(data->state.httpwant >= CURL_HTTP_VERSION_2
|
||||||
#ifndef CURL_DISABLE_PROXY
|
#ifndef CURL_DISABLE_PROXY
|
||||||
&& (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
|
&& (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
|
||||||
#endif
|
#endif
|
||||||
) {
|
) {
|
||||||
protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN;
|
protocols[cur++] = ALPN_H2_LENGTH;
|
||||||
|
|
||||||
memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID,
|
memcpy(&protocols[cur], ALPN_H2, ALPN_H2_LENGTH);
|
||||||
NGHTTP2_PROTO_VERSION_ID_LEN);
|
cur += ALPN_H2_LENGTH;
|
||||||
cur += NGHTTP2_PROTO_VERSION_ID_LEN;
|
infof(data, "ALPN, offering %s\n", ALPN_H2);
|
||||||
infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
|
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -3345,9 +3342,9 @@ static CURLcode ossl_connect_step2(struct Curl_easy *data,
|
|||||||
if(len) {
|
if(len) {
|
||||||
infof(data, "ALPN, server accepted to use %.*s\n", len, neg_protocol);
|
infof(data, "ALPN, server accepted to use %.*s\n", len, neg_protocol);
|
||||||
|
|
||||||
#ifdef USE_NGHTTP2
|
#ifdef USE_HTTP2
|
||||||
if(len == NGHTTP2_PROTO_VERSION_ID_LEN &&
|
if(len == ALPN_H2_LENGTH &&
|
||||||
!memcmp(NGHTTP2_PROTO_VERSION_ID, neg_protocol, len)) {
|
!memcmp(ALPN_H2, neg_protocol, len)) {
|
||||||
conn->negnpn = CURL_HTTP_VERSION_2;
|
conn->negnpn = CURL_HTTP_VERSION_2;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
@ -877,11 +877,11 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn,
|
|||||||
|
|
||||||
list_start_index = cur;
|
list_start_index = cur;
|
||||||
|
|
||||||
#ifdef USE_NGHTTP2
|
#ifdef USE_HTTP2
|
||||||
if(data->state.httpwant >= CURL_HTTP_VERSION_2) {
|
if(data->state.httpwant >= CURL_HTTP_VERSION_2) {
|
||||||
memcpy(&alpn_buffer[cur], NGHTTP2_PROTO_ALPN, NGHTTP2_PROTO_ALPN_LEN);
|
memcpy(&alpn_buffer[cur], ALPN_H2, ALPN_H2_LENGTH);
|
||||||
cur += NGHTTP2_PROTO_ALPN_LEN;
|
cur += ALPN_H2_LENGTH;
|
||||||
infof(data, "schannel: ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
|
infof(data, "schannel: ALPN, offering %s\n", ALPN_H2);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
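Review bot: The h2 entry written into `alpn_buffer` appears to lose its length octet. The removed lines copied `NGHTTP2_PROTO_ALPN` with `NGHTTP2_PROTO_ALPN_LEN`, which in nghttp2 is the wire-format entry (one length byte followed by "h2"), whereas `ALPN_H2` is the bare two-byte name. An ALPN protocol list is a sequence of length-prefixed names, as the NSS and OpenSSL hunks on this page do with `protocols[cur++] = ALPN_H2_LENGTH;` ahead of their memcpy. Without the prefix the list handed to Schannel would be malformed, and h2 negotiation on this backend may fail or be misparsed. Add `alpn_buffer[cur++] = ALPN_H2_LENGTH;` before the `memcpy`; the rest of schannel_connect_step1, including the size of `alpn_buffer` and the http/1.1 entry, is outside the hunk.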
@ -1392,10 +1392,9 @@ schannel_connect_step3(struct Curl_easy *data, struct connectdata *conn,
|
|||||||
infof(data, "schannel: ALPN, server accepted to use %.*s\n",
|
infof(data, "schannel: ALPN, server accepted to use %.*s\n",
|
||||||
alpn_result.ProtocolIdSize, alpn_result.ProtocolId);
|
alpn_result.ProtocolIdSize, alpn_result.ProtocolId);
|
||||||
|
|
||||||
#ifdef USE_NGHTTP2
|
#ifdef USE_HTTP2
|
||||||
if(alpn_result.ProtocolIdSize == NGHTTP2_PROTO_VERSION_ID_LEN &&
|
if(alpn_result.ProtocolIdSize == ALPN_H2_LENGTH &&
|
||||||
!memcmp(NGHTTP2_PROTO_VERSION_ID, alpn_result.ProtocolId,
|
!memcmp(ALPN_H2, alpn_result.ProtocolId, ALPN_H2_LENGTH)) {
|
||||||
NGHTTP2_PROTO_VERSION_ID_LEN)) {
|
|
||||||
conn->negnpn = CURL_HTTP_VERSION_2;
|
conn->negnpn = CURL_HTTP_VERSION_2;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
@ -1829,14 +1829,14 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data,
|
|||||||
CFMutableArrayRef alpnArr = CFArrayCreateMutable(NULL, 0,
|
CFMutableArrayRef alpnArr = CFArrayCreateMutable(NULL, 0,
|
||||||
&kCFTypeArrayCallBacks);
|
&kCFTypeArrayCallBacks);
|
||||||
|
|
||||||
#ifdef USE_NGHTTP2
|
#ifdef USE_HTTP2
|
||||||
if(data->state.httpwant >= CURL_HTTP_VERSION_2
|
if(data->state.httpwant >= CURL_HTTP_VERSION_2
|
||||||
#ifndef CURL_DISABLE_PROXY
|
#ifndef CURL_DISABLE_PROXY
|
||||||
&& (!isproxy || !conn->bits.tunnel_proxy)
|
&& (!isproxy || !conn->bits.tunnel_proxy)
|
||||||
#endif
|
#endif
|
||||||
) {
|
) {
|
||||||
CFArrayAppendValue(alpnArr, CFSTR(NGHTTP2_PROTO_VERSION_ID));
|
CFArrayAppendValue(alpnArr, CFSTR(ALPN_H2));
|
||||||
infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
|
infof(data, "ALPN, offering %s\n", ALPN_H2);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -2788,10 +2788,9 @@ sectransp_connect_step2(struct Curl_easy *data, struct connectdata *conn,
|
|||||||
if(err == noErr && alpnArr && CFArrayGetCount(alpnArr) >= 1)
|
if(err == noErr && alpnArr && CFArrayGetCount(alpnArr) >= 1)
|
||||||
chosenProtocol = CFArrayGetValueAtIndex(alpnArr, 0);
|
chosenProtocol = CFArrayGetValueAtIndex(alpnArr, 0);
|
||||||
|
|
||||||
#ifdef USE_NGHTTP2
|
#ifdef USE_HTTP2
|
||||||
if(chosenProtocol &&
|
if(chosenProtocol &&
|
||||||
!CFStringCompare(chosenProtocol, CFSTR(NGHTTP2_PROTO_VERSION_ID),
|
!CFStringCompare(chosenProtocol, CFSTR(ALPN_H2), 0)) {
|
||||||
0)) {
|
|
||||||
conn->negnpn = CURL_HTTP_VERSION_2;
|
conn->negnpn = CURL_HTTP_VERSION_2;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
@ -126,9 +126,11 @@ bool Curl_ssl_tls13_ciphersuites(void);
|
|||||||
#define CURL_SHA256_DIGEST_LENGTH 32 /* fixed size */
|
#define CURL_SHA256_DIGEST_LENGTH 32 /* fixed size */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* see https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04 */
|
/* see https://www.iana.org/assignments/tls-extensiontype-values/ */
|
||||||
#define ALPN_HTTP_1_1_LENGTH 8
|
#define ALPN_HTTP_1_1_LENGTH 8
|
||||||
#define ALPN_HTTP_1_1 "http/1.1"
|
#define ALPN_HTTP_1_1 "http/1.1"
|
||||||
|
#define ALPN_H2_LENGTH 2
|
||||||
|
#define ALPN_H2 "h2"
|
||||||
|
|
||||||
/* set of helper macros for the backends to access the correct fields. For the
|
/* set of helper macros for the backends to access the correct fields. For the
|
||||||
proxy or for the remote host - to properly support HTTPS proxy */
|
proxy or for the remote host - to properly support HTTPS proxy */
|
||||||
|
@ -451,10 +451,10 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn,
|
|||||||
/* wolfSSL's ALPN protocol name list format is a comma separated string of
|
/* wolfSSL's ALPN protocol name list format is a comma separated string of
|
||||||
protocols in descending order of preference, eg: "h2,http/1.1" */
|
protocols in descending order of preference, eg: "h2,http/1.1" */
|
||||||
|
|
||||||
#ifdef USE_NGHTTP2
|
#ifdef USE_HTTP2
|
||||||
if(data->state.httpwant >= CURL_HTTP_VERSION_2) {
|
if(data->state.httpwant >= CURL_HTTP_VERSION_2) {
|
||||||
strcpy(protocols + strlen(protocols), NGHTTP2_PROTO_VERSION_ID ",");
|
strcpy(protocols + strlen(protocols), ALPN_H2 ",");
|
||||||
infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
|
infof(data, "ALPN, offering %s\n", ALPN_H2);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -691,11 +691,10 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn,
|
|||||||
if(protocol_len == ALPN_HTTP_1_1_LENGTH &&
|
if(protocol_len == ALPN_HTTP_1_1_LENGTH &&
|
||||||
!memcmp(protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH))
|
!memcmp(protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH))
|
||||||
conn->negnpn = CURL_HTTP_VERSION_1_1;
|
conn->negnpn = CURL_HTTP_VERSION_1_1;
|
||||||
#ifdef USE_NGHTTP2
|
#ifdef USE_HTTP2
|
||||||
else if(data->state.httpwant >= CURL_HTTP_VERSION_2 &&
|
else if(data->state.httpwant >= CURL_HTTP_VERSION_2 &&
|
||||||
protocol_len == NGHTTP2_PROTO_VERSION_ID_LEN &&
|
protocol_len == ALPN_H2_LENGTH &&
|
||||||
!memcmp(protocol, NGHTTP2_PROTO_VERSION_ID,
|
!memcmp(protocol, ALPN_H2, ALPN_H2_LENGTH))
|
||||||
NGHTTP2_PROTO_VERSION_ID_LEN))
|
|
||||||
conn->negnpn = CURL_HTTP_VERSION_2;
|
conn->negnpn = CURL_HTTP_VERSION_2;
|
||||||
#endif
|
#endif
|
||||||
else
|
else
|
||||||
|