httpd-dev mailing list archives

From Stefan Eissing <stefan.eiss...@greenbytes.de>
Subject Re: ALPN patch comments
Date Wed, 03 Jun 2015 15:16:14 GMT
Hmm, I cannot test this today since I am travelling.

If Jim wants to tag 2.5.13 this week, then either the current v4 patch makes it in, or we
need to postpone this. A changed patch on which my module (and possibly others) chokes
will not serve anyone, I assume.

As with the "don't send NPN unnecessary" bug report: ALPN is working slightly differently. Not
sure if the server cb is triggered at all if the client sends no ALPN.

//stefan



> On 03.06.2015 at 17:04, Yann Ylavic <ylavic.dev@gmail.com> wrote:
> 
>> On Wed, Jun 3, 2015 at 4:45 PM, Yann Ylavic <ylavic.dev@gmail.com> wrote:
>> 
>> This means enabling ALPN only if SSLALPNPreference is used.
> 
> Something like below:
> 
> Index: modules/ssl/mod_ssl.c
> ===================================================================
> --- modules/ssl/mod_ssl.c    (revision 1683271)
> +++ modules/ssl/mod_ssl.c    (working copy)
> @@ -456,6 +456,8 @@ static int modssl_register_alpn(conn_rec *c,
>                                ssl_alpn_proto_negotiated negotiatedfn)
> {
> #ifdef HAVE_TLS_ALPN
> +    SSLSrvConfigRec *sc;
> +
>     SSLConnRec *sslconn = myConnConfig(c);
> 
>     if (!sslconn) {
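
Review bot: The new `SSLSrvConfigRec *sc;` declaration is followed by a blank line and then the existing `SSLConnRec *sslconn = myConnConfig(c);` declaration, which splits the declaration block in two. Declaring `sc` directly after `sslconn`, with no blank line between them, keeps the locals together and matches the order in which they are later assigned.
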
> @@ -462,6 +464,11 @@ static int modssl_register_alpn(conn_rec *c,
>         return DECLINED;
>     }
> 
> +    sc = mySrvConfig(sslconn->server);
> +    if (sc->server->ssl_alpn_pref->nelts <= 0) {
> +        return DECLINED;
> +    }
> +
>     if (!sslconn->alpn_proposefns) {
>         sslconn->alpn_proposefns =
>             apr_array_make(c->pool, 5, sizeof(ssl_alpn_propose_protos));
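
Review bot: The added check `sc->server->ssl_alpn_pref->nelts <= 0` dereferences `sc`, `sc->server` and `ssl_alpn_pref` without a NULL test, and nothing in this hunk shows that the array is always allocated when SSLALPNPreference is absent; testing `sc->server->ssl_alpn_pref` for NULL before reading `nelts` would make that explicit. The new `return DECLINED` is also the same result the `!sslconn` branch gives, so a module that registers ALPN callbacks cannot tell "not an SSL connection" from "SSLALPNPreference not set"; a comment or a trace-level log line at this return would document the behaviour change for such modules.
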
> Index: modules/ssl/ssl_engine_init.c
> ===================================================================
> --- modules/ssl/ssl_engine_init.c    (revision 1683271)
> +++ modules/ssl/ssl_engine_init.c    (working copy)
> @@ -648,7 +648,9 @@ static void ssl_init_ctx_callbacks(server_rec *s,
>     SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
> 
> #ifdef HAVE_TLS_ALPN
> -    SSL_CTX_set_alpn_select_cb(ctx, ssl_callback_alpn_select, NULL);
> +    if (s->ssl_alpn_pref->nelts > 0) {
> +        SSL_CTX_set_alpn_select_cb(ctx, ssl_callback_alpn_select, NULL);
> +    }
> #endif
> }
> 
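
Review bot: The condition `s->ssl_alpn_pref->nelts > 0` reads the array directly from `s`, which the hunk header shows is a `server_rec *`, while the mod_ssl.c hunk reaches the same array through `sc->server->ssl_alpn_pref` after `mySrvConfig(...)`. The two access paths should agree, and going through the SSL server config here as well looks like what was intended. Since the select callback is now registered only when a preference is configured, a short comment above the `if` saying that ALPN stays disabled without SSLALPNPreference would also help.
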
> --
