Changeset f674424 in mod_gnutls


Ignore:
Timestamp:
Dec 12, 2018, 4:57:14 PM (3 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
debian/master, master
Children:
0fcba60
Parents:
2038b76
Message:

First prototype of proxy ALPN support

The current code assumes that the "proxy-request-alpn-protos"
connection note will always contain exactly one protocol if present,
which is what mod_proxy_http2 does.

Files:
6 added
3 edited

Legend:

Unmodified
Added
Removed
  • src/gnutls_io.c

    r2038b76 rf674424  
    1919
    2020#include "mod_gnutls.h"
     21#include <apr_strings.h>
    2122
    2223#ifdef APLOG_USE_MODULE
     
    405406                              peer_hostname, gnutls_strerror(ret), ret);
    406407        }
     408
     409        const char *proxy_alpn =
     410            apr_table_get(ctxt->c->notes, "proxy-request-alpn-protos");
     411        if (proxy_alpn != NULL)
     412        {
     413            // TODO: mod_ssl ssl_engine_io.c does some tokenization of
     414            // the input string, so it looks like the API allows
     415            // multiple protocols.
     416            gnutls_datum_t alpn_proto = {
     417                .data = (unsigned char *) apr_pstrdup(ctxt->c->pool, proxy_alpn),
     418                .size = strlen(proxy_alpn)
     419            };
     420            ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, ctxt->c,
     421                          "%s: proxy module requests ALPN proto '%s', "
     422                          "length %" APR_SIZE_T_FMT ".",
     423                          __func__, proxy_alpn, strlen(proxy_alpn));
     424            ret = gnutls_alpn_set_protocols(ctxt->session,
     425                                            &alpn_proto,
     426                                            1 /* number of proposals */,
     427                                            0 /* flags */);
     428            if (ret != GNUTLS_E_SUCCESS)
     429                ap_log_cerror(APLOG_MARK, APLOG_ERR, ret, ctxt->c,
     430                              "Could not set ALPN proposal '%s' for proxy "
     431                              "connection: %s (%d)",
     432                              proxy_alpn, gnutls_strerror(ret), ret);
     433        }
    407434    }
    408435
  • test/Makefile.am

    r2038b76 rf674424  
    3636        test-31_vhost_SNI_serveralias_match.bash \
    3737        test-32_vhost_SNI_serveralias_mismatch.bash \
    38         test-33_vhost_SNI_serveralias_missinghost.bash
     38        test-33_vhost_SNI_serveralias_missinghost.bash \
     39        test-34_TLS_reverse_proxy_h2.bash
    3940
    4041TEST_EXTENSIONS = .bash
  • test/tests/Makefile.am

    r2038b76 rf674424  
    3333        31_vhost_SNI_serveralias_match/gnutls-cli.args 31_vhost_SNI_serveralias_match/input 31_vhost_SNI_serveralias_match/apache.conf 31_vhost_SNI_serveralias_match/output \
    3434        32_vhost_SNI_serveralias_mismatch/gnutls-cli.args 32_vhost_SNI_serveralias_mismatch/input 32_vhost_SNI_serveralias_mismatch/apache.conf 32_vhost_SNI_serveralias_mismatch/output \
    35         33_vhost_SNI_serveralias_missinghost/gnutls-cli.args 33_vhost_SNI_serveralias_missinghost/input 33_vhost_SNI_serveralias_missinghost/apache.conf 33_vhost_SNI_serveralias_missinghost/output
     35        33_vhost_SNI_serveralias_missinghost/gnutls-cli.args 33_vhost_SNI_serveralias_missinghost/input 33_vhost_SNI_serveralias_missinghost/apache.conf 33_vhost_SNI_serveralias_missinghost/output \
     36        34_TLS_reverse_proxy_h2/apache.conf 34_TLS_reverse_proxy_h2/backend.conf 34_TLS_reverse_proxy_h2/gnutls-cli.args 34_TLS_reverse_proxy_h2/input 34_TLS_reverse_proxy_h2/output
Note: See TracChangeset for help on using the changeset viewer.