Mercurial > hg > nginx
comparison src/http/ngx_http_request.c @ 6345:5ae5142d39a3 stable-1.8
SSL: only select SPDY using NPN if "spdy" is enabled.
OpenSSL doesn't check if the negotiated protocol has been announced.
As a result, the client might force using SPDY even if it wasn't
enabled in configuration.
| author | Valentin Bartenev <vbart@nginx.com> |
|---|---|
| date | Thu, 05 Nov 2015 15:01:09 +0300 |
| parents | a08fad30aeac |
| children |
comparison
equal
deleted
inserted
replaced
| 6344:a8ecb0a2193f | 6345:5ae5142d39a3 |
|---|---|
| 768 && (defined TLSEXT_TYPE_application_layer_protocol_negotiation \ | 768 && (defined TLSEXT_TYPE_application_layer_protocol_negotiation \ |
| 769 || defined TLSEXT_TYPE_next_proto_neg)) | 769 || defined TLSEXT_TYPE_next_proto_neg)) |
| 770 { | 770 { |
| 771 unsigned int len; | 771 unsigned int len; |
| 772 const unsigned char *data; | 772 const unsigned char *data; |
| 773 ngx_http_connection_t *hc; | |
| 773 static const ngx_str_t spdy = ngx_string(NGX_SPDY_NPN_NEGOTIATED); | 774 static const ngx_str_t spdy = ngx_string(NGX_SPDY_NPN_NEGOTIATED); |
| 774 | 775 |
| 776 hc = c->data; | |
| 777 | |
| 778 if (hc->addr_conf->spdy) { | |
| 779 | |
| 775 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation | 780 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation |
| 776 SSL_get0_alpn_selected(c->ssl->connection, &data, &len); | 781 SSL_get0_alpn_selected(c->ssl->connection, &data, &len); |
| 777 | 782 |
| 778 #ifdef TLSEXT_TYPE_next_proto_neg | 783 #ifdef TLSEXT_TYPE_next_proto_neg |
| 779 if (len == 0) { | 784 if (len == 0) { |
| 785 SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len); | |
| 786 } | |
| 787 #endif | |
| 788 | |
| 789 #else /* TLSEXT_TYPE_next_proto_neg */ | |
| 780 SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len); | 790 SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len); |
| 781 } | 791 #endif |
| 782 #endif | 792 |
| 783 | 793 if (len == spdy.len |
| 784 #else /* TLSEXT_TYPE_next_proto_neg */ | 794 && ngx_strncmp(data, spdy.data, spdy.len) == 0) |
| 785 SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len); | 795 { |
| 786 #endif | 796 ngx_http_spdy_init(c->read); |
| 787 | 797 return; |
| 788 if (len == spdy.len && ngx_strncmp(data, spdy.data, spdy.len) == 0) { | 798 } |
| 789 ngx_http_spdy_init(c->read); | |
| 790 return; | |
| 791 } | 799 } |
| 792 } | 800 } |
| 793 #endif | 801 #endif |
| 794 | 802 |
| 795 c->log->action = "waiting for request"; | 803 c->log->action = "waiting for request"; |