Mercurial > hg > nginx
comparison src/http/ngx_http_request.c @ 6289:909b5b191f25
SSL: only select HTTP/2 using NPN if "http2" is enabled.
OpenSSL doesn't check if the negotiated protocol has been announced.
As a result, the client might force using HTTP/2 even if it wasn't
enabled in configuration.
author | Valentin Bartenev <vbart@nginx.com> |
---|---|
date | Thu, 05 Nov 2015 15:01:09 +0300 |
parents | 257b51c37c5a |
children | b1858fc47e3b |
comparison
equal
deleted
inserted
replaced
6288:0f4b7800e681 | 6289:909b5b191f25 |
---|---|
766 | 766 |
767 #if (NGX_HTTP_V2 \ | 767 #if (NGX_HTTP_V2 \ |
768 && (defined TLSEXT_TYPE_application_layer_protocol_negotiation \ | 768 && (defined TLSEXT_TYPE_application_layer_protocol_negotiation \ |
769 || defined TLSEXT_TYPE_next_proto_neg)) | 769 || defined TLSEXT_TYPE_next_proto_neg)) |
770 { | 770 { |
771 unsigned int len; | 771 unsigned int len; |
772 const unsigned char *data; | 772 const unsigned char *data; |
773 ngx_http_connection_t *hc; | |
774 | |
775 hc = c->data; | |
776 | |
777 if (hc->addr_conf->http2) { | |
773 | 778 |
774 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation | 779 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation |
775 SSL_get0_alpn_selected(c->ssl->connection, &data, &len); | 780 SSL_get0_alpn_selected(c->ssl->connection, &data, &len); |
776 | 781 |
777 #ifdef TLSEXT_TYPE_next_proto_neg | 782 #ifdef TLSEXT_TYPE_next_proto_neg |
778 if (len == 0) { | 783 if (len == 0) { |
784 SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len); | |
785 } | |
786 #endif | |
787 | |
788 #else /* TLSEXT_TYPE_next_proto_neg */ | |
779 SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len); | 789 SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len); |
780 } | 790 #endif |
781 #endif | 791 |
782 | 792 if (len == 2 && data[0] == 'h' && data[1] == '2') { |
783 #else /* TLSEXT_TYPE_next_proto_neg */ | 793 ngx_http_v2_init(c->read); |
784 SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len); | 794 return; |
785 #endif | 795 } |
786 | |
787 if (len == 2 && data[0] == 'h' && data[1] == '2') { | |
788 ngx_http_v2_init(c->read); | |
789 return; | |
790 } | 796 } |
791 } | 797 } |
792 #endif | 798 #endif |
793 | 799 |
794 c->log->action = "waiting for request"; | 800 c->log->action = "waiting for request"; |