nghttpx: Fail h3 connection attempt if no ALPN is negotiated

This commit is contained in:
Tatsuhiro Tsujikawa 2021-09-26 15:32:44 +09:00
parent 407df2822e
commit 886dc93f18
4 changed files with 20 additions and 2 deletions


@ -517,7 +517,6 @@ void ClientHandler::setup_upstream_io_callback() {
void ClientHandler::setup_http3_upstream( void ClientHandler::setup_http3_upstream(
std::unique_ptr<Http3Upstream> &&upstream) { std::unique_ptr<Http3Upstream> &&upstream) {
upstream_ = std::move(upstream); upstream_ = std::move(upstream);
alpn_ = StringRef::from_lit("h3");
write_ = &ClientHandler::write_quic; write_ = &ClientHandler::write_quic;
auto config = get_config(); auto config = get_config();
@ -1599,4 +1598,13 @@ StringRef ClientHandler::get_alpn() const { return alpn_; }
BlockAllocator &ClientHandler::get_block_allocator() { return balloc_; } BlockAllocator &ClientHandler::get_block_allocator() { return balloc_; }
void ClientHandler::set_alpn_from_conn() {
const unsigned char *alpn;
unsigned int alpnlen;
SSL_get0_alpn_selected(conn_.tls.ssl, &alpn, &alpnlen);
alpn_ = make_string_ref(balloc_, StringRef{alpn, alpnlen});
}
} // namespace shrpx } // namespace shrpx
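Review bot: In set_alpn_from_conn (second hunk), when no protocol was selected SSL_get0_alpn_selected reports a NULL pointer with length 0, and that pair goes straight into StringRef{alpn, alpnlen} and make_string_ref; whether both tolerate a null data pointer is not visible here, yet Http3Upstream::handshake_completed relies on alpn_ being empty in exactly that case. A short guard makes the empty result independent of that, e.g. `if (alpnlen == 0) { alpn_ = StringRef{}; return; }` before the assignment, and brace-initializing the locals (`const unsigned char *alpn = nullptr; unsigned int alpnlen = 0;`) keeps them defined on every path. With the first hunk's removal of the "h3" literal, alpn_ also stays empty between setup_http3_upstream and handshake completion, so anything reading get_alpn() earlier (logging, for instance) now sees an empty value; that looks intended but deserves a comment on the member.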


@ -187,6 +187,8 @@ public:
BlockAllocator &get_block_allocator(); BlockAllocator &get_block_allocator();
void set_alpn_from_conn();
private: private:
// Allocator to allocate memory for connection-wide objects. Make // Allocator to allocate memory for connection-wide objects. Make
// sure that the allocations must be bounded, and not proportional // sure that the allocations must be bounded, and not proportional
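Review bot: The new declaration `void set_alpn_from_conn();` is the only undocumented entry in a header where neighbouring members carry a comment. Propose `// Sets alpn_ from the ALPN protocol selected on the TLS connection; alpn_ is left empty when none was negotiated.` above it, so callers know an empty get_alpn() after this call is the "no ALPN" signal rather than a not-yet-initialized value.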


@ -479,6 +479,14 @@ int handshake_completed(ngtcp2_conn *conn, void *user_data) {
} // namespace } // namespace
int Http3Upstream::handshake_completed() { int Http3Upstream::handshake_completed() {
handler_->set_alpn_from_conn();
auto alpn = handler_->get_alpn();
if (alpn.empty()) {
ULOG(ERROR, this) << "NO ALPN was negotiated";
return -1;
}
std::array<uint8_t, NGTCP2_CRYPTO_MAX_REGULAR_TOKENLEN> token; std::array<uint8_t, NGTCP2_CRYPTO_MAX_REGULAR_TOKENLEN> token;
size_t tokenlen; size_t tokenlen;
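Review bot: The new check logs "NO ALPN was negotiated" at ERROR level, but the condition is entirely under the peer's control (a client that simply omits the ALPN extension reaches this path), so a misbehaving or probing client can fill the error log; if the project logs peer-caused handshake failures at INFO level elsewhere, this should follow that convention, and `"No ALPN was negotiated"` would match the capitalization of typical messages. Returning -1 is presumably mapped to a callback failure by the ngtcp2 handshake_completed wrapper named in the hunk header, which closes the connection; the rest of Http3Upstream::handshake_completed continues outside the hunk. A one-line comment would help the next reader: `// RFC 9001 (section 8.1) requires an application protocol; reject a handshake that completed without one.`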


@ -719,7 +719,7 @@ int quic_alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
p += 1 + proto_len; p += 1 + proto_len;
} }
return SSL_TLSEXT_ERR_NOACK; return SSL_TLSEXT_ERR_ALERT_FATAL;
} }
} // namespace } // namespace
# endif // OPENSSL_VERSION_NUMBER >= 0x10002000L # endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
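Review bot: The switch from SSL_TLSEXT_ERR_NOACK to SSL_TLSEXT_ERR_ALERT_FATAL has no comment explaining why the QUIC callback must differ from the usual NOACK (which lets the handshake continue without ALPN); propose `// QUIC requires ALPN (RFC 9001, section 8.1): abort the handshake with a fatal alert instead of continuing without a protocol.` above the return. quic_alpn_select_proto_cb starts outside the hunk. OpenSSL invokes this callback only when the client offered ALPN at all, so a client that omits the extension still completes the handshake; that case is what the new check in Http3Upstream::handshake_completed covers, and a sentence saying so here would tie the two changes together.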