- Timestamp:
- Jan 3, 2019, 9:40:17 AM (2 years ago)
- Branches:
- asyncio, debian/master, master, proxy-ticket
- Children:
- b6c7866
- Parents:
- 4d38cbd
- File:
-
- 1 edited
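--- a/src/gnutls_proxy.c
+++ b/src/gnutls_proxy.c
@@ -319,4 +319,19 @@
 
 
+/** Initial size for the APR array storing ALPN protocol
+* names. Currently only mod_proxy_http2 uses ALPN for proxy
+* connections and proposes "h2" exclusively. This provides enough
+* room without additional allocation even if an HTTP/1.1 fallback
+* should be added while still being small. */
+#define INIT_ALPN_ARR_SIZE 2
+
+/**
+* Set ALPN proposals for a proxy handshake based on the note from the
+* proxy module (see `PROXY_SNI_NOTE`). The note is expected to
+* contain a string, multiple protocol names can be separated by ","
+* or " ", or a combination of them.
+*
+* @param ctxt the mod_gnutls connection handle
+*/
 static void proxy_conn_set_alpn(mgs_handle_t *ctxt)
 {
@@ -325,25 +340,41 @@
 if (proxy_alpn == NULL)
 return;
-
-// TODO: mod_ssl ssl_engine_io.c does some tokenization of
-// the input string, so it looks like the API allows
-// multiple protocols.
-gnutls_datum_t alpn_proto = {
-.data = (unsigned char *) apr_pstrdup(ctxt->c->pool, proxy_alpn),
-.size = strlen(proxy_alpn)
-};
-ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, ctxt->c,
-"%s: proxy module requests ALPN proto '%s', "
+ap_log_cerror(APLOG_MARK, APLOG_TRACE1, APR_SUCCESS, ctxt->c,
+"%s: proxy module ALPN note is '%s', "
 "length %" APR_SIZE_T_FMT ".",
 __func__, proxy_alpn, strlen(proxy_alpn));
+
+apr_array_header_t* protocols =
+apr_array_make(ctxt->c->pool, INIT_ALPN_ARR_SIZE,
+sizeof(const char *));
+
+/* mod_ssl tokenizes the note by "," or " " to allow multiple
+* protocols. We need to copy the note because apr_strtok()
+* modifies the string to make each token NULL terminated. On the
+* plus side that means we do not need to copy individual
+* tokens. */
+char *tok = apr_pstrdup(ctxt->c->pool, proxy_alpn);
+/* state for apr_strtok, pointer to character following current
+* token */
+char *last = NULL;
+while ((tok = apr_strtok(tok, ", ", &last)))
+{
+APR_ARRAY_PUSH(protocols, const char *) = tok;
+tok = NULL;
+}
+
+gnutls_datum_t* alpn_protos =
+mgs_str_array_to_datum_array(protocols,
+ctxt->c->pool,
+protocols->nelts);
 int ret = gnutls_alpn_set_protocols(ctxt->session,
-&alpn_proto,
-1 /* number of proposals */,
+alpn_protos,
+protocols->nelts,
 0 /* flags */);
 if (ret != GNUTLS_E_SUCCESS)
 ap_log_cerror(APLOG_MARK, APLOG_ERR, ret, ctxt->c,
-"Could not set ALPN proposal '%s'for proxy "
+"Could not set ALPN proposals for proxy "
 "connection: %s (%d)",
-proxy_alpn,gnutls_strerror(ret), ret);
+gnutls_strerror(ret), ret);
 }
 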
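Review bot: A note that is empty or holds only separators leaves `protocols->nelts` at 0 after the `apr_strtok()` loop, yet the code still calls `mgs_str_array_to_datum_array()` and `gnutls_alpn_set_protocols()` with a zero count. What the helper returns for an empty array is not visible here, so a guard right after the loop would make the outcome explicit, e.g. `if (protocols->nelts == 0) return;` preceded by a debug log line. Separately, the new doc comment points to `PROXY_SNI_NOTE` although the function handles the ALPN note; the lines that read the note are elided from this view, so the constant name should be checked against them. The function is still void and only logs when `gnutls_alpn_set_protocols()` fails, so the handshake presumably proceeds without ALPN proposals in that case, which the doc comment should state.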