Re: ALPN patch comments

Wed, 03 Jun 2015 08:41:11 -0700 

With the current (master) code of mod_h2, you'd probably need
something like the attached patch to handle a possible failure in
modssl_register_alpn(), because SSLALPNPreference was not configured
(as per my proposed mod_ssl patch).

On Wed, Jun 3, 2015 at 5:16 PM, Stefan Eissing
<stefan.eiss...@greenbytes.de> wrote:
> Hmm, I cannot test this today since I am travelling.
>
> If Jim wants to tag 2.5.13 this week, then either the current v4 patch makes 
> it in, or we need to postpone this. A changed patch on which my module (and 
> possibly others) chokes on, will not serve anyone I assume.
>
> As with the "don't send NPN unnecessary" bug report: ALPN is working slighty 
> different. Not sure if the server cb is triggered at all, if the client sends 
> no ALPN.
>
> //stefan
>
>
>
>> Am 03.06.2015 um 17:04 schrieb Yann Ylavic <ylavic....@gmail.com>:
>>
>>> On Wed, Jun 3, 2015 at 4:45 PM, Yann Ylavic <ylavic....@gmail.com> wrote:
>>>
>>> This means enabling ALPN only if SSLALPNPreference is used.
>>
>> Something like below :
>>
>> Index: modules/ssl/mod_ssl.c
>> ===================================================================
>> --- modules/ssl/mod_ssl.c    (revision 1683271)
>> +++ modules/ssl/mod_ssl.c    (working copy)
>> @@ -456,6 +456,8 @@ static int modssl_register_alpn(conn_rec *c,
>>                                ssl_alpn_proto_negotiated negotiatedfn)
>> {
>> #ifdef HAVE_TLS_ALPN
>> +    SSLSrvConfigRec *sc;
>> +
>>     SSLConnRec *sslconn = myConnConfig(c);
>>
>>     if (!sslconn) {
>> @@ -462,6 +464,11 @@ static int modssl_register_alpn(conn_rec *c,
>>         return DECLINED;
>>     }
>>
>> +    sc = mySrvConfig(sslconn->server);
>> +    if (sc->server->ssl_alpn_pref->nelts <= 0) {
>> +        return DECLINED;
>> +    }
>> +
>>     if (!sslconn->alpn_proposefns) {
>>         sslconn->alpn_proposefns =
>>             apr_array_make(c->pool, 5, sizeof(ssl_alpn_propose_protos));
>> Index: modules/ssl/ssl_engine_init.c
>> ===================================================================
>> --- modules/ssl/ssl_engine_init.c    (revision 1683271)
>> +++ modules/ssl/ssl_engine_init.c    (working copy)
>> @@ -648,7 +648,9 @@ static void ssl_init_ctx_callbacks(server_rec *s,
>>     SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
>>
>> #ifdef HAVE_TLS_ALPN
>> -    SSL_CTX_set_alpn_select_cb(ctx, ssl_callback_alpn_select, NULL);
>> +    if (s->ssl_alpn_pref->nelts > 0) {
>> +        SSL_CTX_set_alpn_select_cb(ctx, ssl_callback_alpn_select, NULL);
>> +    }
>> #endif
>> }
>>
>> --

Attachment: mod_h2-h2_h2-modssl_register_alpn.patch
Description: application/download

Reply via email to