Implement draft-ietf-httpbis-replay-02

nghttpx sends early-data header field when forwarding requests which
are received in TLSv1.3 early data, and the TLS handshake is still in
progress.
Tatsuhiro Tsujikawa 2017-11-26 10:56:39 +09:00
parent 2ab319c137
commit 770e44de4d
3 changed files with 24 additions and 2 deletions


@ -107,6 +107,9 @@ StringRef get_reason_phrase(unsigned int status_code) {
return StringRef::from_lit("Expectation Failed"); return StringRef::from_lit("Expectation Failed");
case 421: case 421:
return StringRef::from_lit("Misdirected Request"); return StringRef::from_lit("Misdirected Request");
case 425:
// https://tools.ietf.org/html/draft-ietf-httpbis-replay-02
return StringRef::from_lit("Too Early");
case 426: case 426:
return StringRef::from_lit("Upgrade Required"); return StringRef::from_lit("Upgrade Required");
case 428: case 428:


@ -41,6 +41,7 @@
#include "shrpx_log.h" #include "shrpx_log.h"
#include "http2.h" #include "http2.h"
#include "util.h" #include "util.h"
#include "ssl_compat.h"
using namespace nghttp2; using namespace nghttp2;
@ -271,7 +272,7 @@ int Http2DownstreamConnection::push_request_headers() {
num_cookies = downstream_->count_crumble_request_cookie(); num_cookies = downstream_->count_crumble_request_cookie();
} }
// 9 means: // 10 means:
// 1. :method // 1. :method
// 2. :scheme // 2. :scheme
// 3. :path // 3. :path
@ -281,8 +282,9 @@ int Http2DownstreamConnection::push_request_headers() {
// 7. x-forwarded-proto (optional) // 7. x-forwarded-proto (optional)
// 8. te (optional) // 8. te (optional)
// 9. forwarded (optional) // 9. forwarded (optional)
// 10. early-data (optional)
auto nva = std::vector<nghttp2_nv>(); auto nva = std::vector<nghttp2_nv>();
nva.reserve(req.fs.headers().size() + 9 + num_cookies + nva.reserve(req.fs.headers().size() + 10 + num_cookies +
httpconf.add_request_headers.size()); httpconf.add_request_headers.size());
nva.push_back( nva.push_back(
@ -333,6 +335,14 @@ int Http2DownstreamConnection::push_request_headers() {
auto upstream = downstream_->get_upstream(); auto upstream = downstream_->get_upstream();
auto handler = upstream->get_client_handler(); auto handler = upstream->get_client_handler();
#if OPENSSL_1_1_1_API
auto conn = handler->get_connection();
if (!SSL_is_init_finished(conn->tls.ssl)) {
nva.push_back(http2::make_nv_ll("early-data", "1"));
}
#endif // OPENSSL_1_1_1_API
auto fwd = auto fwd =
fwdconf.strip_incoming ? nullptr : req.fs.header(http2::HD_FORWARDED); fwdconf.strip_incoming ? nullptr : req.fs.header(http2::HD_FORWARDED);
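Review bot: `SSL_is_init_finished(conn->tls.ssl)` in the added `#if OPENSSL_1_1_1_API` block is called without first checking that the frontend connection has an SSL object. If nghttpx also accepts cleartext frontend connections, `conn->tls.ssl` is presumably null on them and this call would dereference it for every forwarded request; this is inferred, since the connection setup is outside the hunk. Guarding the call, `if (conn->tls.ssl && !SSL_is_init_finished(conn->tls.ssl)) {`, keeps the header limited to TLS clients whose handshake is still in progress. The same unguarded call appears in the `HttpDownstreamConnection::push_request_headers` section below. The function body starts and ends outside the hunk.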


@ -39,6 +39,7 @@
#include "shrpx_log.h" #include "shrpx_log.h"
#include "http2.h" #include "http2.h"
#include "util.h" #include "util.h"
#include "ssl_compat.h"
using namespace nghttp2; using namespace nghttp2;
@ -584,6 +585,14 @@ int HttpDownstreamConnection::push_request_headers() {
auto upstream = downstream_->get_upstream(); auto upstream = downstream_->get_upstream();
auto handler = upstream->get_client_handler(); auto handler = upstream->get_client_handler();
#if OPENSSL_1_1_1_API
auto conn = handler->get_connection();
if (!SSL_is_init_finished(conn->tls.ssl)) {
buf->append("Early-Data: 1\r\n");
}
#endif // OPENSSL_1_1_1_API
auto fwd = auto fwd =
fwdconf.strip_incoming ? nullptr : req.fs.header(http2::HD_FORWARDED); fwdconf.strip_incoming ? nullptr : req.fs.header(http2::HD_FORWARDED);
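Review bot: The added block in `HttpDownstreamConnection::push_request_headers` has no comment explaining why the header depends on the handshake state, and that choice is security-relevant. The request is marked only if the client's handshake is still unfinished when the headers are serialized, not when the request was received. A comment above the `if` would record this, for example `// Forwarded before the client's TLS handshake finished: the request arrived in 0-RTT early data and may be a replay, so tell the backend (draft-ietf-httpbis-replay-02).` It could also say that a backend may answer such a request with 425 Too Early, the status this commit adds to `get_reason_phrase`. The function body starts and ends outside the hunk.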