With the current (master) code of mod_h2, you'd probably need something like the attached patch to handle a possible failure in modssl_register_alpn(), because SSLALPNPreference was not configured (as per my proposed mod_ssl patch).
On Wed, Jun 3, 2015 at 5:16 PM, Stefan Eissing <stefan.eiss...@greenbytes.de> wrote: > Hmm, I cannot test this today since I am travelling. > > If Jim wants to tag 2.5.13 this week, then either the current v4 patch makes > it in, or we need to postpone this. A changed patch on which my module (and > possibly others) chokes on, will not serve anyone I assume. > > As with the "don't send NPN unnecessary" bug report: ALPN is working slighty > different. Not sure if the server cb is triggered at all, if the client sends > no ALPN. > > //stefan > > > >> Am 03.06.2015 um 17:04 schrieb Yann Ylavic <ylavic....@gmail.com>: >> >>> On Wed, Jun 3, 2015 at 4:45 PM, Yann Ylavic <ylavic....@gmail.com> wrote: >>> >>> This means enabling ALPN only if SSLALPNPreference is used. >> >> Something like below : >> >> Index: modules/ssl/mod_ssl.c >> =================================================================== >> --- modules/ssl/mod_ssl.c (revision 1683271) >> +++ modules/ssl/mod_ssl.c (working copy) >> @@ -456,6 +456,8 @@ static int modssl_register_alpn(conn_rec *c, >> ssl_alpn_proto_negotiated negotiatedfn) >> { >> #ifdef HAVE_TLS_ALPN >> + SSLSrvConfigRec *sc; >> + >> SSLConnRec *sslconn = myConnConfig(c); >> >> if (!sslconn) { >> @@ -462,6 +464,11 @@ static int modssl_register_alpn(conn_rec *c, >> return DECLINED; >> } >> >> + sc = mySrvConfig(sslconn->server); >> + if (sc->server->ssl_alpn_pref->nelts <= 0) { >> + return DECLINED; >> + } >> + >> if (!sslconn->alpn_proposefns) { >> sslconn->alpn_proposefns = >> apr_array_make(c->pool, 5, sizeof(ssl_alpn_propose_protos)); >> Index: modules/ssl/ssl_engine_init.c >> =================================================================== >> --- modules/ssl/ssl_engine_init.c (revision 1683271) >> +++ modules/ssl/ssl_engine_init.c (working copy) >> @@ -648,7 +648,9 @@ static void ssl_init_ctx_callbacks(server_rec *s, >> SSL_CTX_set_info_callback(ctx, ssl_callback_Info); >> >> #ifdef HAVE_TLS_ALPN >> - SSL_CTX_set_alpn_select_cb(ctx, ssl_callback_alpn_select, NULL); >> + if (s->ssl_alpn_pref->nelts > 0) { >> + SSL_CTX_set_alpn_select_cb(ctx, ssl_callback_alpn_select, NULL); >> + } >> #endif >> } >> >> --
mod_h2-h2_h2-modssl_register_alpn.patch
Description: application/download