commit 4e8f86a655a7d786bdce3f1330fd8fa083df8dfe
parent 523fa712fdc408997f8387c9fef62968c13758f2
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
Date: Mon, 19 Apr 2021 18:39:56 +0300
Added support for ALPN protocols list for TLS connections
Diffstat:
3 files changed, 55 insertions(+), 3 deletions(-)
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
@@ -135,7 +135,7 @@ typedef intptr_t ssize_t;
* they are parsed as decimal numbers.
* Example: 0x01093001 = 1.9.30-1.
*/
-#define MHD_VERSION 0x00097206
+#define MHD_VERSION 0x00097207
/**
* Operational results from MHD calls.
@@ -1743,7 +1743,16 @@ enum MHD_OPTION
* This option should be followed by an `int` argument.
* @note Available since #MHD_VERSION 0x00097205
*/
- MHD_OPTION_SIGPIPE_HANDLED_BY_APP = 33
+ MHD_OPTION_SIGPIPE_HANDLED_BY_APP = 33,
+
+ /**
+ * If followed by 'int' with value '1' disables usage of ALPN for TLS
+ * connections even if supported by TLS library.
+ * Valid only for daemons with #MHD_USE_TLS.
+ * This option should be followed by an `int` argument.
+ * @note Available since #MHD_VERSION 0x00097207
+ */
+ MHD_OPTION_TLS_NO_ALPN = 34
};
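Review bot: The doc comment for MHD_OPTION_TLS_NO_ALPN says the value '1' disables ALPN, but the parser added in daemon.c stores `va_arg (ap, int) != 0`, so any non-zero value disables it. The comment should match the code, for example `If followed by 'int' with a non-zero value, disables usage of ALPN for TLS connections`. Since nothing in the visible hunks requires an opt-in, ALPN appears to be enabled by default. The comment should say so and name the two advertised protocols ("http/1.1", "http/1.0"), because applications upgrading to 0x00097207 get a changed TLS handshake without asking for it.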
diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c
@@ -2550,6 +2550,32 @@ new_connection_prepare_ (struct MHD_Daemon *daemon,
#endif
return NULL;
}
+#if (GNUTLS_VERSION_NUMBER + 0 >= 0x030200)
+ if (!daemon->disable_alpn)
+ {
+ gnutls_datum_t prts[2];
+ const char prt1[] = "http/1.1";
+ const char prt2[] = "http/1.0";
+
+ prts[0].data = (void*) prt1;
+ prts[0].size = MHD_STATICSTR_LEN_ (prt1);
+ prts[1].data = (void*) prt2;
+ prts[1].size = MHD_STATICSTR_LEN_ (prt2);
+ if (GNUTLS_E_SUCCESS !=
+ gnutls_alpn_set_protocols(connection->tls_session,
+ prts,
+ sizeof(prts) / sizeof(prts[0]),
+ 0 /* || GNUTLS_ALPN_SERVER_PRECEDENCE */))
+ {
+#ifdef HAVE_MESSAGES
+ MHD_DLOG (daemon,
+ _ ("Failed to set ALPN protocols.\n"));
+#else /* ! HAVE_MESSAGES */
+ (void) 0; /* Mute compiler warning */
+#endif /* ! HAVE_MESSAGES */
+ }
+ }
+#endif /* GNUTLS_VERSION_NUMBER >= 0x030200 */
gnutls_session_set_ptr (connection->tls_session,
connection);
switch (daemon->cred_type)
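Review bot: The failure branch of gnutls_alpn_set_protocols() discards the return code and lets the handshake proceed without ALPN, so the log line cannot tell an operator why the call failed. Store the result in a local and log it, e.g. `MHD_DLOG (daemon, _ ("Failed to set ALPN protocols: %s\n"), gnutls_strerror (res));`. Separately, passing flags `0` means a client whose ALPN list matches neither entry is still accepted; as far as I know GnuTLS aborts on a mismatch only when GNUTLS_ALPN_MANDATORY is set. If the lenient behaviour is intended for compatibility, replace the `0 /* || GNUTLS_ALPN_SERVER_PRECEDENCE */` remnant with a comment that says so, so nobody relies on ALPN here as a protocol-binding check. new_connection_prepare_ starts and ends outside this hunk.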
@@ -5963,6 +5989,7 @@ parse_options_va (struct MHD_Daemon *daemon,
/* all options taking 'int' */
case MHD_OPTION_STRICT_FOR_CLIENT:
case MHD_OPTION_SIGPIPE_HANDLED_BY_APP:
+ case MHD_OPTION_TLS_NO_ALPN:
if (MHD_NO == parse_options (daemon,
servaddr,
opt,
@@ -6051,6 +6078,17 @@ parse_options_va (struct MHD_Daemon *daemon,
int);
}
break;
+ case MHD_OPTION_TLS_NO_ALPN:
+ daemon->disable_alpn = (va_arg (ap,
+ int) != 0);
+#ifdef HAVE_MESSAGES
+ if (0 == (daemon->options & MHD_USE_TLS))
+ MHD_DLOG (daemon,
+ _ ("MHD HTTPS option %d passed to MHD " \
+ "but MHD_USE_TLS not set.\n"),
+ (int) opt);
+#endif /* HAVE_MESSAGES */
+ break;
default:
#ifdef HAVE_MESSAGES
if ( ( (opt >= MHD_OPTION_HTTPS_MEM_KEY) &&
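Review bot: This new case assigns `daemon->disable_alpn`, but the internal.h part of this commit declares that field before `#endif /* HTTPS_SUPPORT */`, and no HTTPS_SUPPORT guard around the case is visible in this hunk, so a build without HTTPS support may fail to compile here. If the case is indeed unguarded, wrap the assignment in `#ifdef HTTPS_SUPPORT` and consume the argument in the `#else` branch with `(void) va_arg (ap, int);`. The MHD_USE_TLS warning is also an unbraced `if` inside `#ifdef HAVE_MESSAGES`; adding braces would keep a later second statement from running unconditionally. parse_options_va continues outside the hunk.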
diff --git a/src/microhttpd/internal.h b/src/microhttpd/internal.h
@@ -1889,7 +1889,12 @@ struct MHD_Daemon
*/
bool have_dhparams;
-#endif /* HTTPS_SUPPORT */
+ /**
+ * true if ALPN is disabled.
+ */
+ bool disable_alpn;
+
+ #endif /* HTTPS_SUPPORT */
#ifdef DAUTH_SUPPORT