httpd-dev mailing list archives

From Yann Ylavic <ylavic....@gmail.com>
Subject Re: ALPN patch comments
Date Wed, 03 Jun 2015 12:52:05 GMT
I wonder if registering the ssl_callback_alpn_select callback
unconditionally could break some clients.
Do those (ALPN ready) always negotiate "http/1.1"?

Otherwise we could check for sc->server->ssl_alpn_pref->nelts > 0 (or
a dedicated SSLAlpnEnable) before using
SSL_CTX_set_alpn_select_cb().
In that case mod_h2 would not work out of the box, needing some
administration on the httpd side.


On Wed, Jun 3, 2015 at 12:56 PM, Stefan Eissing
<stefan.eissing@greenbytes.de> wrote:
> I tested the linked patch on a 2.4.x checkout with mod_h2 on OS X 10.10 and openssl 1.0.2. All my tests ran fine.
>
> //Stefan
>
>> On 02.06.2015 at 16:56, Eric Covener <covener@gmail.com> wrote:
>>
>> Can you test the latest rev of the backport candidate?
>>
>> http://people.apache.org/~ylavic/httpd-2.4.x-alpn-v4.patch
>>
>>
>>
>> On Mon, Apr 27, 2015 at 11:06 AM Stefan Eissing <stefan.eissing@greenbytes.de> wrote:
>>
>> > On 25.04.2015 at 11:47, Kaspar Brand <httpd-dev.2014@velox.ch> wrote:
>> >
>> > On 22.04.2015 18:54, Jim Jagielski wrote:
>> >>> For me the time seems right to rip NPN out of trunk and only backport
>> >>> the ALPN code to 2.4.
>> >>>
>> >>
>> >> I'd be +1 for that.
>> >
>> > So, to get one step further, and since there were no explicit objections
>> > to removing NPN support so far (or arguments for keeping it, FWIW), I
>> > went ahead and took a stab at this with r1676004.
>> >
>> > Only tested in terms of "compiles both w/ and w/o HAVE_TLS_ALPN", so it
>> > certainly needs more eyes before a backport proposal could be made.
>> > There's also a "TODO: we should have a mod_ssl configuration parameter"
>> > in ssl_engine_kernel.c which I'm unsure to what it refers.
>>
>> The „TODO“ is a leftover from before SSLAlpnPreference was introduced. It can be removed.
>>
>> I diff’ed the current mod_ssl against the 2.4 branch, removed everything but the ALPN changes and made a patch for my sandbox. This works on my OS X with mod_h2. My Ubuntu sandbox is still resisting as some test clients still link the system ssl which only speaks NPN (or link against a lib_event that links against the system openssl). It’s a mess.
>>
>> Stefan
>>
>> >
>> > Kaspar
>>
>> <green/>bytes GmbH
>> Hafenweg 16, 48155 Münster, Germany
>> Phone: +49 251 2807760. Amtsgericht Münster: HRB5782
>>
>>
>>
>
> <green/>bytes GmbH
> Hafenweg 16, 48155 Münster, Germany
> Phone: +49 251 2807760. Amtsgericht Münster: HRB5782
>
>
>
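
A sketch of the selection logic behind the question in the reply above, as an added example that is not code from the patch or from mod_ssl: a select function in the style of an ALPN callback that treats an empty preference list as "do not acknowledge ALPN", which is the effect the proposed nelts > 0 check would have. The function names, result codes and sample data are this example's own, and continuing without ALPN when there is no overlap is this example's choice.

```c
#include <stdio.h>
#include <string.h>

enum alpn_result { ALPN_OK, ALPN_NOACK, ALPN_FATAL }; /* names are this example's own */
/* The client's list is a run of entries, each one length byte followed by
 * that many name bytes; an empty list, empty entry or overrun is malformed. */
static int alpn_list_valid(const unsigned char *in, size_t inlen)
{
    size_t i = 0;
    if (inlen == 0) return 0;
    while (i < inlen) {
        size_t len = in[i];
        if (len == 0 || len > inlen - i - 1) return 0;
        i += 1 + len;
    }
    return 1;
}
/* Return the first server-preferred protocol the client also offered.
 * nprefs == 0 models "no preference configured": ALPN is not acknowledged. */
enum alpn_result alpn_select(const char *const *prefs, size_t nprefs,
                             const unsigned char *in, size_t inlen,
                             const unsigned char **out, unsigned char *outlen)
{
    if (!alpn_list_valid(in, inlen)) return ALPN_FATAL;
    if (nprefs == 0) return ALPN_NOACK;
    for (size_t p = 0; p < nprefs; p++) {
        size_t want = strlen(prefs[p]);
        for (size_t i = 0; i < inlen; i += 1 + (size_t)in[i]) {
            if (in[i] == want && memcmp(in + i + 1, prefs[p], want) == 0) {
                *out = in + i + 1;
                *outlen = in[i];
                return ALPN_OK;
            }
        }
    }
    return ALPN_NOACK; /* no overlap: this example continues without ALPN */
}
/* Constructed sample: a client offering "h2", then "http/1.1". */
static const unsigned char sample_offer[] = "\x02h2\x08http/1.1";
static const char *const sample_prefs[] = { "http/1.1", "h2" };

int main(void)
{
    const unsigned char *out = NULL;
    unsigned char n = 0;
    if (alpn_select(sample_prefs, 2, sample_offer, sizeof sample_offer - 1, &out, &n) == ALPN_OK)
        printf("selected %.*s\n", (int)n, (const char *)out);
    return 0;
}
```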
