walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

nghttpx: Make backend fail with TLS handshake failure, including ALPN mismatch

This commit is contained in:
Tatsuhiro Tsujikawa 2016-06-17 00:53:38 +09:00
parent c0b6b9a282
commit ec5e438a7c
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/shrpx_http2_session.cc
View File

@ -1501,6 +1501,7 @@ int Http2Session::connection_made() {
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
if (!next_proto) { if (!next_proto) {
downstream_failure(addr_);
return -1; return -1;
} }
@ -1509,6 +1510,7 @@ int Http2Session::connection_made() {
SSLOG(INFO, this) << "Negotiated next protocol: " << proto; SSLOG(INFO, this) << "Negotiated next protocol: " << proto;
} }
if (!util::check_h2_is_selected(proto)) { if (!util::check_h2_is_selected(proto)) {
downstream_failure(addr_);
return -1; return -1;
} }
} }
@ -1897,6 +1899,8 @@ int Http2Session::tls_handshake() {
} }
if (rv < 0) { if (rv < 0) {
downstream_failure(addr_);
return rv; return rv;
} }
@ -1906,6 +1910,8 @@ int Http2Session::tls_handshake() {
if (!get_config()->tls.insecure && if (!get_config()->tls.insecure &&
ssl::check_cert(conn_.tls.ssl, addr_) != 0) { ssl::check_cert(conn_.tls.ssl, addr_) != 0) {
downstream_failure(addr_);
return -1; return -1;
} }

4
src/shrpx_http_downstream_connection.cc
View File

@ -965,6 +965,8 @@ int HttpDownstreamConnection::tls_handshake() {
} }
if (rv < 0) { if (rv < 0) {
downstream_failure(addr_);
return rv; return rv;
} }
@ -974,6 +976,8 @@ int HttpDownstreamConnection::tls_handshake() {
if (!get_config()->tls.insecure && if (!get_config()->tls.insecure &&
ssl::check_cert(conn_.tls.ssl, addr_) != 0) { ssl::check_cert(conn_.tls.ssl, addr_) != 0) {
downstream_failure(addr_);
return -1; return -1;
} }