authorJim Jagielski <jim@apache.org>2015-04-01 19:18:59 +0200
committerJim Jagielski <jim@apache.org>2015-04-01 19:18:59 +0200
commitc33564090daa734ec513572a40d180d224d37608 (patch)
treec979c98a1ac0845e703b9c2857dafe4c35b5a220 /modules/ssl/ssl_engine_kernel.c
parenthttp: Add support for RFC2324/RFC7168. (diff)
Fix issue w/ deterministic ordering and string comparison of "http/1.1." and "h2"
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1670738 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to '')
-rw-r--r--modules/ssl/ssl_engine_kernel.c21
1 files changed, 11 insertions, 10 deletions
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index f6429801fa..88dffb8346 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -2177,7 +2177,7 @@ static int ssl_array_index(apr_array_header_t *array,
}
/*
- * Compare to ALPN protocol proposal. Result is similar to strcmp():
+ * Compare two ALPN protocol proposal. Result is similar to strcmp():
* 0 gives same precedence, >0 means proto1 is prefered.
*/
static int ssl_cmp_alpn_protos(modssl_ctx_t *ctx,
@@ -2254,14 +2254,8 @@ int ssl_callback_alpn_select(SSL *ssl,
i += plen;
}
- /* Regardless of installed hooks, the http/1.1 protocol is always
- * supported by us. Add it to the proposals if the client also
- * offers it. */
proposed_protos = apr_array_make(c->pool, client_protos->nelts+1,
sizeof(char *));
- if (ssl_array_index(client_protos, alpn_http1) >= 0) {
- APR_ARRAY_PUSH(proposed_protos, const char*) = alpn_http1;
- }
if (sslconn->alpn_proposefns != NULL) {
/* Invoke our alpn_propos_proto hooks, giving other modules a chance to
@@ -2280,9 +2274,16 @@ int ssl_callback_alpn_select(SSL *ssl,
}
if (proposed_protos->nelts <= 0) {
- ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02839)
- "none of the client alpn protocols are supported");
- return SSL_TLSEXT_ERR_ALERT_FATAL;
+ /* Regardless of installed hooks, the http/1.1 protocol is always
+ * supported by us. Choose it if none other matches. */
+ if (ssl_array_index(client_protos, alpn_http1) < 0) {
+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02839)
+ "none of the client alpn protocols are supported");
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+ }
+ *out = (const unsigned char*)alpn_http1;
+ *outlen = (unsigned char)strlen(alpn_http1);
+ return SSL_TLSEXT_ERR_OK;
}
/* Now select the most preferred protocol from the proposals. */
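Review bot: The http/1.1 fallback inside the `proposed_protos->nelts <= 0` branch returns `SSL_TLSEXT_ERR_OK` directly, so whatever ssl_callback_alpn_select does after "Now select the most preferred protocol" (outside this hunk) never runs for that case. It is worth confirming that nothing there, such as a length check or a log of the chosen protocol, is expected on every successful selection. The branch is also silent, so a connection that fell back because no hook proposed anything looks the same in the logs as a negotiated one; a trace line before the assignment would help, for example `ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c, "alpn: no proposals, falling back to %s", alpn_http1);`. `*out` now points at `alpn_http1` rather than into the client's buffer, which is fine only if that storage stays valid after the callback returns; it is presumably a static string defined elsewhere in the file, but that definition is not visible here.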