add protocol selection to ssl, used for http2 support in the future

2024-07-01 12:59:47 +02:00 · 2020-01-11 22:30:01 +01:00 · 2020-01-11 22:30:01 +01:00 · 7fc12a72e6
commit 7fc12a72e6
parent 7b274de0db
3 changed files with 42 additions and 2 deletions
--- a/http_server.c
+++ b/http_server.c
@ -713,7 +713,9 @@ void *serve_file(void *data)
 			rhd.status = 200;
 			rhd.header = dict();
 			dput(rhd.header, "Content-Type", strdup(mime_type));
+#ifdef USE_ZLIB
 			if(!compressable(mime_type) || rq->client->z_level == ANTD_CNONE)
+#endif
 				dput(rhd.header, "Content-Length", strdup(ibuf));
 			gmtime_r(&st.st_ctime, &tm);
 			strftime(ibuf, 255, "%a, %d %b %Y %H:%M:%S GMT", &tm);
--- a/httpd.c
+++ b/httpd.c
@ -40,7 +40,34 @@ SSL_CTX *create_context()

    return ctx;
 }
-
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+static unsigned char antd_protocols[] = {
+	//TODO: add support to HTTP/2 protocol: 2,'h', '2',
+    8, 'h', 't', 't', 'p', '/', '1', '.', '1'
+};
+static int alpn_advertise_protos_cb(SSL *ssl, const unsigned char **out, unsigned int *outlen,void *arg)
+{
+	UNUSED(ssl);
+	UNUSED(arg);
+	*out = antd_protocols;
+	*outlen = sizeof(antd_protocols);
+	return SSL_TLSEXT_ERR_OK;
+}
+static int alpn_select_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
+{
+	UNUSED(ssl);
+	UNUSED(arg);
+	if(SSL_select_next_proto((unsigned char **)out, outlen,antd_protocols,sizeof(antd_protocols),in, inlen) == OPENSSL_NPN_NEGOTIATED)
+	{
+		return SSL_TLSEXT_ERR_OK;
+	}
+	else
+	{
+		ERROR("No protocol support overlap found between client and server\n");
+		return SSL_TLSEXT_ERR_ALERT_FATAL;
+	}
+}
+#endif
 void configure_context(SSL_CTX *ctx)
 {
 #if defined(SSL_CTX_set_ecdh_auto)
@ -85,6 +112,10 @@ void configure_context(SSL_CTX *ctx)
        ERR_print_errors_fp(stderr);
 		exit(EXIT_FAILURE);
    }
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+	SSL_CTX_set_alpn_select_cb(ctx,alpn_select_cb, NULL);
+	SSL_CTX_set_next_protos_advertised_cb(ctx,alpn_advertise_protos_cb,NULL);
+#endif
 }

 #endif
@ -276,7 +307,12 @@ int main(int argc, char* argv[])
 							client->ssl = (void*)SSL_new(ctx);
 							if(!client->ssl) continue;
 							SSL_set_fd((SSL*)client->ssl, client->sock);
-
+							// this can be used in the protocol select callback to
+							// set the protocol selected by the server
+							if(!SSL_set_ex_data((SSL*)client->ssl, client->sock, client))
+							{
+								ERROR("Cannot set ex data to ssl client:%d", client->sock);
+							}
 							/*if (SSL_accept((SSL*)client->ssl) <= 0) {
 								LOG("EROOR accept\n");
 								ERR_print_errors_fp(stderr);
--- a/lib/handle.c
+++ b/lib/handle.c
@ -796,7 +796,9 @@ void antd_error(void* client, int status, const char* msg)
 	}
 	char ibuf[20];
    snprintf (ibuf, sizeof(ibuf), "%d",clen);
+#ifdef USE_ZLIB
 	if(((antd_client_t*)client)->z_level == ANTD_CNONE || !compressable(ctype))
+#endif
 		dput(rsh.header, "Content-Length", strdup(ibuf));
 	antd_send_header(client, &rsh);
 	if(res_str)