From 7fc12a72e6131c51750ef2b457330a116a062331 Mon Sep 17 00:00:00 2001
From: lxsang
Date: Sat, 11 Jan 2020 22:30:01 +0100
Subject: [PATCH] add protocol selection to ssl, used for http2 support in the future
---
 http_server.c | 2 ++
 httpd.c | 40 ++++++++++++++++++++++++++++++++++++++--
 lib/handle.c | 2 ++
 3 files changed, 42 insertions(+), 2 deletions(-)
diff --git a/http_server.c b/http_server.c
index d371df3..8a1072e 100644
--- a/http_server.c
+++ b/http_server.c
@@ -713,7 +713,9 @@ void *serve_file(void *data)
 rhd.status = 200;
 rhd.header = dict();
 dput(rhd.header, "Content-Type", strdup(mime_type));
+#ifdef USE_ZLIB
 if(!compressable(mime_type) || rq->client->z_level == ANTD_CNONE)
+#endif
 dput(rhd.header, "Content-Length", strdup(ibuf));
 gmtime_r(&st.st_ctime, &tm);
 strftime(ibuf, 255, "%a, %d %b %Y %H:%M:%S GMT", &tm);
diff --git a/httpd.c b/httpd.c
index a18c07b..ccc21c6 100644
--- a/httpd.c
+++ b/httpd.c
@@ -40,7 +40,34 @@ SSL_CTX *create_context()
 return ctx;
 }
 
-
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+static unsigned char antd_protocols[] = {
+ //TODO: add support to HTTP/2 protocol: 2,'h', '2',
+ 8, 'h', 't', 't', 'p', '/', '1', '.', '1'
+};
+static int alpn_advertise_protos_cb(SSL *ssl, const unsigned char **out, unsigned int *outlen,void *arg)
+{
+ UNUSED(ssl);
+ UNUSED(arg);
+ *out = antd_protocols;
+ *outlen = sizeof(antd_protocols);
+ return SSL_TLSEXT_ERR_OK;
+}
+static int alpn_select_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
+{
+ UNUSED(ssl);
+ UNUSED(arg);
+ if(SSL_select_next_proto((unsigned char **)out, outlen,antd_protocols,sizeof(antd_protocols),in, inlen) == OPENSSL_NPN_NEGOTIATED)
+ {
+ return SSL_TLSEXT_ERR_OK;
+ }
+ else
+ {
+ ERROR("No protocol support overlap found between client and server\n");
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+ }
+}
+#endif
 void configure_context(SSL_CTX *ctx)
 {
 #if defined(SSL_CTX_set_ecdh_auto)
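Review bot: Wrapping only the `if` line in `#ifdef USE_ZLIB` leaves a braceless conditional whose body, `dput(rhd.header, "Content-Length", strdup(ibuf));`, silently becomes unconditional in non-zlib builds; any later edit that braces the `if` or adds a second statement under it will compile in one configuration and change behaviour in the other. The same pattern is introduced in the lib/handle.c hunk of this commit. A safer shape computes the decision into a local and keeps one braced `if` that is present in both configurations, as below. serve_file's body continues outside the hunk.
```c
    dput(rhd.header, "Content-Type", strdup(mime_type));
    int fixed_length = 1;
#ifdef USE_ZLIB
    fixed_length = !compressable(mime_type) || rq->client->z_level == ANTD_CNONE;
#endif
    if(fixed_length)
    {
        dput(rhd.header, "Content-Length", strdup(ibuf));
    }
    /* … unchanged: Last-Modified formatting … */
```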
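Review bot: `alpn_advertise_protos_cb` is not an ALPN callback: its `unsigned int *outlen` signature is the one `SSL_CTX_set_next_protos_advertised_cb` expects, i.e. the NPN server-side callback, and that is where the configure_context hunk registers it. NPN can be compiled out independently of the version check (`OPENSSL_NO_NEXTPROTONEG`), so both this definition and the registration in the configure_context hunk need `#ifndef OPENSSL_NO_NEXTPROTONEG` in addition to `#if OPENSSL_VERSION_NUMBER >= 0x10002000L`, and renaming it `npn_advertise_protos_cb` would stop readers conflating it with `alpn_select_cb`. In `alpn_select_cb` the no-overlap branch logs at ERROR level on a condition chosen entirely by the peer's ClientHello, so any client offering only protocols the server lacks produces one error line per handshake; a debug-level `LOG` there (or no log, since the alert already informs the client) keeps the error log meaningful. Returning `SSL_TLSEXT_ERR_ALERT_FATAL` is the RFC 7301 behaviour, but it also refuses clients that would proceed fine without ALPN; if that is not intended, `SSL_TLSEXT_ERR_NOACK` lets the handshake continue without a negotiated protocol.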
@@ -85,6 +112,10 @@ void configure_context(SSL_CTX *ctx)
 ERR_print_errors_fp(stderr);
 exit(EXIT_FAILURE);
 }
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+ SSL_CTX_set_alpn_select_cb(ctx,alpn_select_cb, NULL);
+ SSL_CTX_set_next_protos_advertised_cb(ctx,alpn_advertise_protos_cb,NULL);
+#endif
 }
 #endif
 
@@ -276,7 +307,12 @@ int main(int argc, char* argv[])
 client->ssl = (void*)SSL_new(ctx);
 if(!client->ssl) continue;
 SSL_set_fd((SSL*)client->ssl, client->sock);
-
+ // this can be used in the protocol select callback to
+ // set the protocol selected by the server
+ if(!SSL_set_ex_data((SSL*)client->ssl, client->sock, client))
+ {
+ ERROR("Cannot set ex data to ssl client:%d", client->sock);
+ }
 /*if (SSL_accept((SSL*)client->ssl) <= 0) {
 LOG("EROOR accept\n");
 ERR_print_errors_fp(stderr);
diff --git a/lib/handle.c b/lib/handle.c
index 9b08a31..4f1dbd9 100644
--- a/lib/handle.c
+++ b/lib/handle.c
@@ -796,7 +796,9 @@ void antd_error(void* client, int status, const char* msg)
 }
 char ibuf[20];
 snprintf (ibuf, sizeof(ibuf), "%d",clen);
+#ifdef USE_ZLIB
 if(((antd_client_t*)client)->z_level == ANTD_CNONE || !compressable(ctype))
+#endif
 dput(rsh.header, "Content-Length", strdup(ibuf));
 antd_send_header(client, &rsh);
 if(res_str)
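Review bot: `SSL_set_ex_data((SSL*)client->ssl, client->sock, client)` in the main hunk uses the socket descriptor as the ex_data index, but that index must come from `SSL_get_ex_new_index()`; an arbitrary integer may collide with slots OpenSSL or other libraries have reserved (index 0 is already the app-data slot), and because the per-object slot array grows to fit the index, a busy server with high descriptor numbers pays that much extra memory on every connection. Allocate the slot once at startup, `static int antd_ssl_client_idx = -1;` and `antd_ssl_client_idx = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);`, then call `SSL_set_ex_data((SSL*)client->ssl, antd_ssl_client_idx, client)` here and read it back with `SSL_get_ex_data` and the same index inside `alpn_select_cb`, which is what the added comment says the data is for. The added `ERROR("Cannot set ex data to ssl client:%d", client->sock);` also lacks the trailing `\n` that the other ERROR call introduced by this commit carries. main's body continues outside the hunk.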