Menci opened a new pull request, #2251:
URL: https://github.com/apache/brpc/pull/2251
### What problem does this PR solve?
Issue Number: #1991
Problem Summary:
### What is changed and the side effects?
Changed:
In HTTP/2 standard a client should negotiate the protocol with server with
ALPN. The client should send a list of protocols it support and the server will
choose one. Normally `curl` sends `http1.1` and `h2`. A standard client should
send H2 requests in TLS payload only if the server chooses `h2` in ALPN.
We tried a deployment with Nginx (TLS termination and `grpc_pass` to
backend) in front of BRPC and found Nginx is treating BRPC client's H2 payload
as H1 since there's no ALPN. It's confirmed that adding client side ALPN fixes
it.
In this PR, if `options.alpn_protocols` is set in SSL options, the client
will send ALPN extension during SSL handshake and check if the server responded
with a acceptable protocol name. Normally we could set `alpn_protocols` to
`{"h2"}` to only use H2. Note that the implementation will raise an error if
the server returns no ALPN selection or unacceptable ALPN selection. Currently
BRPC has no server side ALPN support (until #2102 is merged) so using this
option with no HTTPS reverse proxy in front of BRPC server will not work.
```cpp
// Example to work with "h2:grpc" protocol
channel_options.mutable_ssl_options()->alpn_protocols = {"h2"};
```
Client side ALPN must be set manually since it requires server side ALPN
support. By default it's unset and the behavior is like without this feature.
Side effects:
- Performance effects(性能影响): If the client side ALPN feature is used, a
little more memory allocations are happened during client side SSL connection
setup and handshake.
- Breaking backward compatibility(向后兼容性): No effect
---
### Check List:
- Please make sure your changes are compilable(请确保你的更改可以通过编译).
- When providing us with a new feature, it is best to add related
tests(如果你向我们增加一个新的功能, 请添加相关测试).
- Please follow [Contributor Covenant Code of
Conduct](../../master/CODE_OF_CONDUCT.md).(请遵循贡献者准则).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
