[GNUnet-SVN] [gnurl] 13/153: darwinssl: add support for ALPN negotiation
From: gnunet
Subject: [GNUnet-SVN] [gnurl] 13/153: darwinssl: add support for ALPN negotiation
Date: Tue, 11 Sep 2018 12:51:24 +0200
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 092f6815c808489f1cea3df8449e16dff2c35e6b
Author: Rodger Combs <address@hidden>
AuthorDate: Wed Jul 11 02:45:14 2018 -0500
darwinssl: add support for ALPN negotiation
---
docs/HTTP2.md | 17 +++++++-------
lib/vtls/darwinssl.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 71 insertions(+), 8 deletions(-)
diff --git a/docs/HTTP2.md b/docs/HTTP2.md
index efbe69991..e20ce0cab 100644
--- a/docs/HTTP2.md
+++ b/docs/HTTP2.md
@@ -55,14 +55,15 @@ The challenge is the ALPN and NPN support and all our
different SSL
backends. You may need a fairly updated SSL library version for it to provide
the necessary TLS features. Right now we support:
- - OpenSSL: ALPN and NPN
- - libressl: ALPN and NPN
- - BoringSSL: ALPN and NPN
- - NSS: ALPN and NPN
- - GnuTLS: ALPN
- - mbedTLS: ALPN
- - SChannel: ALPN
- - wolfSSL: ALPN
+ - OpenSSL: ALPN and NPN
+ - libressl: ALPN and NPN
+ - BoringSSL: ALPN and NPN
+ - NSS: ALPN and NPN
+ - GnuTLS: ALPN
+ - mbedTLS: ALPN
+ - SChannel: ALPN
+ - wolfSSL: ALPN
+ - Secure Transport: ALPN
Multiplexing
------------
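Review bot: The new "Secure Transport: ALPN" entry gives no minimum OS version, although the lib/vtls/darwinssl.c part of this same commit only enables ALPN behind __builtin_available(macOS 10.13.4, iOS 11, *). The paragraph above already warns that "a fairly updated SSL library version" may be needed, so I would state the floor in the list, for example "Secure Transport: ALPN (macOS 10.13.4 or later, iOS 11 or later)". The eight existing entries are also removed and re-added with the same text, which looks like a whitespace-only re-indent; please mention that in the commit message or split it out so the one functional line is easy to spot.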
diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c
index f29b5acad..1aea0dc3d 100644
--- a/lib/vtls/darwinssl.c
+++ b/lib/vtls/darwinssl.c
@@ -1573,6 +1573,35 @@ static CURLcode darwinssl_connect_step1(struct
connectdata *conn,
}
#endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
+#if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1
+ if(conn->bits.tls_enable_alpn) {
+ if(__builtin_available(macOS 10.13.4, iOS 11, *)) {
+ CFMutableArrayRef alpnArr = CFArrayCreateMutable(NULL, 0,
+ &kCFTypeArrayCallBacks);
+
+#ifdef USE_NGHTTP2
+ if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
+ (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) {
+ CFArrayAppendValue(alpnArr, CFSTR(NGHTTP2_PROTO_VERSION_ID));
+ infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
+ }
+#endif
+
+ CFArrayAppendValue(alpnArr, CFSTR(ALPN_HTTP_1_1));
+ infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1);
+
+ /* expects length prefixed preference ordered list of protocols in wire
+ * format
+ */
+ err = SSLSetALPNProtocols(BACKEND->ssl_ctx, alpnArr);
+ if(err != noErr)
+ infof(data, "WARNING: failed to set ALPN protocols; OSStatus %d\n",
+ err);
+ CFRelease(alpnArr);
+ }
+ }
+#endif
+
if(SSL_SET_OPTION(key)) {
infof(data, "WARNING: SSL: CURLOPT_SSLKEY is ignored by Secure "
"Transport. The private key must be in the Keychain.\n");
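Review bot: The comment above the SSLSetALPNProtocols() call says it "expects length prefixed preference ordered list of protocols in wire format", but the code passes alpnArr, a CFArray built from CFSTR() strings with no length prefixes. The comment should describe what is actually passed (a preference-ordered array of protocol name strings) or be dropped. The result of CFArrayCreateMutable() is also handed to CFArrayAppendValue() without a NULL check, so an allocation failure is not handled; guarding the block with if(alpnArr) would cover it. A failed SSLSetALPNProtocols() is only reported through infof() and the handshake continues without ALPN; if that fallback is intended, say so in the comment so it reads as deliberate.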
@@ -2467,6 +2496,39 @@ darwinssl_connect_step2(struct connectdata *conn, int
sockindex)
break;
}
+#if(CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1
+ if(conn->bits.tls_enable_alpn) {
+ if(__builtin_available(macOS 10.13.4, iOS 11, *)) {
+ CFArrayRef alpnArr = NULL;
+ CFStringRef chosenProtocol = NULL;
+ err = SSLCopyALPNProtocols(BACKEND->ssl_ctx, &alpnArr);
+
+ if(err == noErr && alpnArr && CFArrayGetCount(alpnArr) >= 1)
+ chosenProtocol = CFArrayGetValueAtIndex(alpnArr, 0);
+
+#ifdef USE_NGHTTP2
+ if(chosenProtocol &&
+ !CFStringCompare(chosenProtocol, CFSTR(NGHTTP2_PROTO_VERSION_ID),
+ 0)) {
+ conn->negnpn = CURL_HTTP_VERSION_2;
+ }
+ else
+#endif
+ if(chosenProtocol &&
+ !CFStringCompare(chosenProtocol, CFSTR(ALPN_HTTP_1_1), 0)) {
+ conn->negnpn = CURL_HTTP_VERSION_1_1;
+ }
+ else
+ infof(data, "ALPN, server did not agree to a protocol\n");
+
+ /* chosenProtocol is a reference to the string within alpnArr
+ and doesn't need to be freed separately */
+ if(alpnArr)
+ CFRelease(alpnArr);
+ }
+ }
+#endif
+
return CURLE_OK;
}
}
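Review bot: The final else in this darwinssl_connect_step2 block prints "ALPN, server did not agree to a protocol" for three different outcomes: SSLCopyALPNProtocols() returned an error, the returned array was empty, or the first entry matched neither NGHTTP2_PROTO_VERSION_ID nor ALPN_HTTP_1_1. The value of err is never reported here, so I would log the OSStatus when err != noErr, as step1 does for SSLSetALPNProtocols(). The success path is silent even though step1 logs each "ALPN, offering %s"; an infof() naming the accepted protocol would make the negotiated result visible in verbose output. Step1 offers NGHTTP2_PROTO_VERSION_ID only when data->set.httpversion >= CURL_HTTP_VERSION_2 and (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy), while this hunk sets conn->negnpn = CURL_HTTP_VERSION_2 on any match when USE_NGHTTP2 is defined; repeating the step1 condition here would keep a protocol that was never offered from being accepted. Style: this guard is written "#if(CURL_BUILD_MAC_10_13 ..." and the step1 guard "#if (CURL_BUILD_MAC_10_13 ...", please use one form.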
--
To stop receiving notification emails like this one, please contact
address@hidden