From a803be9171ec96e5a840e92ec1f2e28d7f7b82d2 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Fri, 8 Apr 2016 22:58:38 +0900
Subject: [PATCH] nghttpx: Check negotiated ALPN in LiveCheck

---
 src/shrpx_live_check.cc | 33 +++++++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

diff --git a/src/shrpx_live_check.cc b/src/shrpx_live_check.cc
index 109622f9..73e824dd 100644
--- a/src/shrpx_live_check.cc
+++ b/src/shrpx_live_check.cc
@@ -281,11 +281,40 @@ int LiveCheck::tls_handshake() {
     }
   }
 
+  // Check negotiated ALPN
+
+  const unsigned char *next_proto = nullptr;
+  unsigned int next_proto_len = 0;
+
+  SSL_get0_next_proto_negotiated(conn_.tls.ssl, &next_proto, &next_proto_len);
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+  if (next_proto == nullptr) {
+    SSL_get0_alpn_selected(conn_.tls.ssl, &next_proto, &next_proto_len);
+  }
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
+
+  auto proto = StringRef{next_proto, next_proto_len};
+
+  const auto &shared_addr = group_->shared_addr;
+
+  switch (shared_addr->proto) {
+  case PROTO_HTTP1:
+    if (proto.empty() || proto == StringRef::from_lit("http/1.1")) {
+      break;
+    }
+    return -1;
+  case PROTO_HTTP2:
+    if (util::check_h2_is_selected(proto)) {
+      break;
+    }
+    return -1;
+  default:
+    break;
+  }
+
   on_success();
   disconnect();
 
-  // TODO Check ALPN identifier here
-
   return 0;
 }