Browse Source

[mod_mbedtls] restore ALPN chk after client hello

(removed two commits ago)

must check selected ALPN after client hello has completed
for case where hctx->conf.ssl_acme_tls_1 is not enabled
or else ALPN "h2" will not be detected
master
Glenn Strauss 2 months ago
parent
commit
3edeb6b432
  1. 49
      src/mod_mbedtls.c

49
src/mod_mbedtls.c

@ -1063,6 +1063,48 @@ mod_mbedtls_acme_tls_1 (handler_ctx *hctx)
#endif
static int
mod_mbedtls_alpn_selected (handler_ctx * const hctx, const char * const in)
{
const int n = (int)strlen(in);
const int i = 0;
unsigned short proto;
switch (n) {
case 2: /* "h2" */
if (in[i] == 'h' && in[i+1] == '2') {
proto = MOD_MBEDTLS_ALPN_H2;
hctx->r->http_version = HTTP_VERSION_2;
break;
}
return 0;
case 8: /* "http/1.1" "http/1.0" */
if (0 == memcmp(in+i, "http/1.", 7)) {
if (in[i+7] == '1') {
proto = MOD_MBEDTLS_ALPN_HTTP11;
break;
}
if (in[i+7] == '0') {
proto = MOD_MBEDTLS_ALPN_HTTP10;
break;
}
}
return 0;
case 10: /* "acme-tls/1" */
if (0 == memcmp(in+i, "acme-tls/1", 10)) {
proto = MOD_MBEDTLS_ALPN_ACME_TLS_1;
break;
}
return 0;
default:
return 0;
}
hctx->alpn = proto;
return 0;
}
static int
mod_mbedtls_alpn_select_cb (handler_ctx *hctx, const unsigned char *in, const unsigned int inlen)
{
@ -1959,6 +2001,13 @@ mod_mbedtls_ssl_handshake (handler_ctx *hctx)
rc = mbedtls_ssl_handshake_step(&hctx->ssl);
if (0 != rc) break;
}
if (0 == rc && hctx->ssl.state == MBEDTLS_SSL_SERVER_HELLO) {
#ifdef MBEDTLS_SSL_ALPN
const char *alpn = mbedtls_ssl_get_alpn_protocol(&hctx->ssl);
if (NULL != alpn)
rc = mod_mbedtls_alpn_selected(hctx, alpn);
#endif
}
}
/* overwrite callback with hctx each time we enter here, before handshake

Loading…
Cancel
Save