nghttpx: Fix missing ALPN validation (--npn-list)

This commit fixes a bug where ALPN validation was skipped when the
client did not send an ALPN list.
Tatsuhiro Tsujikawa 2018-01-04 22:43:47 +09:00
parent a776b0dbcc
commit 74754982f1
1 changed files with 10 additions and 18 deletions


@ -556,28 +556,20 @@ int ClientHandler::validate_next_proto() {
} }
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
if (next_proto == nullptr) { StringRef proto;
if (next_proto) {
proto = StringRef{next_proto, next_proto_len};
if (LOG_ENABLED(INFO)) {
CLOG(INFO, this) << "The negotiated next protocol: " << proto;
}
} else {
if (LOG_ENABLED(INFO)) { if (LOG_ENABLED(INFO)) {
CLOG(INFO, this) << "No protocol negotiated. Fallback to HTTP/1.1"; CLOG(INFO, this) << "No protocol negotiated. Fallback to HTTP/1.1";
} }
upstream_ = make_unique<HttpsUpstream>(this); proto = StringRef::from_lit("http/1.1");
alpn_ = StringRef::from_lit("http/1.1");
// At this point, input buffer is already filled with some bytes.
// The read callback is not called until new data come. So consume
// input buffer here.
if (on_read() != 0) {
return -1;
}
return 0;
}
auto proto = StringRef{next_proto, next_proto_len};
if (LOG_ENABLED(INFO)) {
CLOG(INFO, this) << "The negotiated next protocol: " << proto;
} }
if (!tls::in_proto_list(get_config()->tls.npn_list, proto)) { if (!tls::in_proto_list(get_config()->tls.npn_list, proto)) {