www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-07 04:02:58 +03:00
Code Activity

mod_ssl: performing protocol switch directly after ALPN selection, mod_http2: connection hook inits network filters to force TLS handshake, reads input only if H2Direct explicitly enabled, changes H2Direct default to off even for cleartext connections

Browse Source 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1708107 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Stefan Eissing
2015-10-12 13:13:45 +00:00
parent d5c6229953
commit ebb34c0b07
6 changed files with 65 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
modules/ssl/ssl_engine_kernel.c
View File

@@ -2210,14 +2210,30 @@ int ssl_callback_alpn_select(SSL *ssl,
init_vhost(c, ssl);
proposed = ap_select_protocol(c, NULL, sslconn->server, client_protos);
*out = (const unsigned char *)(proposed? proposed : ap_get_protocol(c));
len = strlen((const char*)*out);
if (!proposed) {
proposed = ap_get_protocol(c);
}
len = strlen(proposed);
if (len > 255) {
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02840)
"ALPN negotiated protocol name too long");
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
*out = (const unsigned char *)proposed;
*outlen = (unsigned char)len;
if (strcmp(proposed, ap_get_protocol(c))) {
apr_status_t status;
status = ap_switch_protocol(c, NULL, sslconn->server, proposed);
if (status != APR_SUCCESS) {
ap_log_cerror(APLOG_MARK, APLOG_ERR, status, c,
APLOGNO(02908) "protocol switch to '%s' failed",
proposed);
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
}
return SSL_TLSEXT_ERR_OK;
}