diff options
| author | Fabian Frank <fabian@pagefault.de> | 2014-01-29 21:18:03 -0800 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2014-01-30 11:13:28 +0100 |
| commit | 22c198fa89512c76f916d7d3909d113bb32ddcd0 (patch) | |
| tree | 0a0867b5b59ad02fa0e3d8ece684c89f09789663 /lib | |
| parent | c3fe3d9926836ab2587dbab1e9192637db9d3cf5 (diff) | |
openssl: set up hooks with to perform NPN
NPN is what is available in the wild today to negotiate SPDY or HTTP/2.0
connections. It is expected to be replaced by ALPN in the future. If
HTTP/2.0 is negotiated, this is indicated for the entire connection and
http.c is expected to initialize itself for HTTP/2.0 instead of
HTTP/1.1.
see:
http://technotes.googlecode.com/git/nextprotoneg.html
http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/urldata.h | 8 | ||||
| -rw-r--r-- | lib/vtls/openssl.c | 35 |
2 files changed, 43 insertions, 0 deletions
diff --git a/lib/urldata.h b/lib/urldata.h index e37971e02..1e1ef5d6b 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -597,6 +597,12 @@ enum upgrade101 { UPGR101_WORKING /* talking upgraded protocol */ }; +enum negotiatenpn { + NPN_INIT, /* default state */ + NPN_HTTP1_1, /* HTTP/1.1 negotiated */ + NPN_HTTP2_DRAFT09 /* HTTP-draft-0.9/2.0 negotiated */ +}; + /* * Request specific data in the easy handle (SessionHandle). Previously, * these members were on the connectdata struct but since a conn struct may @@ -1048,6 +1054,8 @@ struct connectdata { TUNNEL_COMPLETE /* CONNECT response received completely */ } tunnel_state[2]; /* two separate ones to allow FTP */ struct connectbundle *bundle; /* The bundle we are member of */ + + enum negotiatenpn negnpn; }; /* The end of connectdata. */ diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index e83738f60..7374c133f 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -1399,6 +1399,37 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type, # define use_sni(x) Curl_nop_stmt #endif +#ifdef USE_NGHTTP2 +/* + * in is a list of lenght prefixed strings. this function has to select + * the protocol we want to use from the list and write its string into out. + */ +static int +select_next_proto_cb(SSL *ssl, + unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, + void *arg) +{ + struct connectdata *conn = (struct connectdata*) arg; + int retval = nghttp2_select_next_protocol(out, outlen, in, inlen); + (void)ssl; + + if(retval == 1) { + infof(conn->data, "NPN, negotiated HTTP2\n"); + conn->negnpn = NPN_HTTP2_DRAFT09; + } + else if(retval == 0) { + infof(conn->data, "NPN, negotiated HTTP1.1\n"); + conn->negnpn = NPN_HTTP1_1; + } + else { + infof(conn->data, "NPN, no overlap, negotiated nothing\n"); + } + + return SSL_TLSEXT_ERR_OK; +} +#endif + static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) @@ -1617,6 +1648,10 @@ ossl_connect_step1(struct connectdata *conn, SSL_CTX_set_options(connssl->ctx, ctx_options); +#ifdef USE_NGHTTP2 + SSL_CTX_set_next_proto_select_cb(connssl->ctx, select_next_proto_cb, conn); +#endif + if(data->set.str[STRING_CERT] || data->set.str[STRING_CERT_TYPE]) { if(!cert_stuff(conn, connssl->ctx, |