Mercurial > hg > nginx-quic
comparison src/http/ngx_http_request.c @ 6345:5ae5142d39a3 stable-1.8
SSL: only select SPDY using NPN if "spdy" is enabled.
OpenSSL doesn't check if the negotiated protocol has been announced.
As a result, the client might force using SPDY even if it wasn't
enabled in configuration.
author | Valentin Bartenev <vbart@nginx.com> |
---|---|
date | Thu, 05 Nov 2015 15:01:09 +0300 |
parents | a08fad30aeac |
children |
comparison
equal
deleted
inserted
replaced
6344:a8ecb0a2193f | 6345:5ae5142d39a3 |
---|---|
768 && (defined TLSEXT_TYPE_application_layer_protocol_negotiation \ | 768 && (defined TLSEXT_TYPE_application_layer_protocol_negotiation \ |
769 || defined TLSEXT_TYPE_next_proto_neg)) | 769 || defined TLSEXT_TYPE_next_proto_neg)) |
770 { | 770 { |
771 unsigned int len; | 771 unsigned int len; |
772 const unsigned char *data; | 772 const unsigned char *data; |
773 ngx_http_connection_t *hc; | |
773 static const ngx_str_t spdy = ngx_string(NGX_SPDY_NPN_NEGOTIATED); | 774 static const ngx_str_t spdy = ngx_string(NGX_SPDY_NPN_NEGOTIATED); |
774 | 775 |
776 hc = c->data; | |
777 | |
778 if (hc->addr_conf->spdy) { | |
779 | |
775 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation | 780 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation |
776 SSL_get0_alpn_selected(c->ssl->connection, &data, &len); | 781 SSL_get0_alpn_selected(c->ssl->connection, &data, &len); |
777 | 782 |
778 #ifdef TLSEXT_TYPE_next_proto_neg | 783 #ifdef TLSEXT_TYPE_next_proto_neg |
779 if (len == 0) { | 784 if (len == 0) { |
785 SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len); | |
786 } | |
787 #endif | |
788 | |
789 #else /* TLSEXT_TYPE_next_proto_neg */ | |
780 SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len); | 790 SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len); |
781 } | 791 #endif |
782 #endif | 792 |
783 | 793 if (len == spdy.len |
784 #else /* TLSEXT_TYPE_next_proto_neg */ | 794 && ngx_strncmp(data, spdy.data, spdy.len) == 0) |
785 SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len); | 795 { |
786 #endif | 796 ngx_http_spdy_init(c->read); |
787 | 797 return; |
788 if (len == spdy.len && ngx_strncmp(data, spdy.data, spdy.len) == 0) { | 798 } |
789 ngx_http_spdy_init(c->read); | |
790 return; | |
791 } | 799 } |
792 } | 800 } |
793 #endif | 801 #endif |
794 | 802 |
795 c->log->action = "waiting for request"; | 803 c->log->action = "waiting for request"; |