nginx: src/http/ngx_http_request.c comparison

comparison src/http/ngx_http_request.c @ 6289:909b5b191f25

SSL: only select HTTP/2 using NPN if "http2" is enabled. OpenSSL doesn't check if the negotiated protocol has been announced. As a result, the client might force using HTTP/2 even if it wasn't enabled in configuration.

author	Valentin Bartenev <vbart@nginx.com>
date	Thu, 05 Nov 2015 15:01:09 +0300
parents	257b51c37c5a
children	b1858fc47e3b

comparison

equal deleted inserted replaced

-:0f4b7800e681
+:909b5b191f25
 #if (NGX_HTTP_V2                                                              \
 && (defined TLSEXT_TYPE_application_layer_protocol_negotiation           \
 || defined TLSEXT_TYPE_next_proto_neg))
 {
-unsigned int          len;
+unsigned int            len;
-const unsigned char  *data;
+const unsigned char    *data;
+ngx_http_connection_t  *hc;
+hc = c->data;
+if (hc->addr_conf->http2) {
 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
 SSL_get0_alpn_selected(c->ssl->connection, &data, &len);
 #ifdef TLSEXT_TYPE_next_proto_neg
 if (len == 0) {
+SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len);
+}
+#endif
+#else /* TLSEXT_TYPE_next_proto_neg */
 SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len);
-}
+#endif
-#endif
+if (len == 2 && data[0] == 'h' && data[1] == '2') {
-#else /* TLSEXT_TYPE_next_proto_neg */
+ngx_http_v2_init(c->read);
-SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len);
+return;
-#endif
+}
-if (len == 2 && data[0] == 'h' && data[1] == '2') {
-ngx_http_v2_init(c->read);
-return;
 }
 }
 #endif
 c->log->action = "waiting for request";

Mercurial > hg > nginx

comparison src/http/ngx_http_request.c @ 6289:909b5b191f25