authorEvgeny Grin (Karlson2k) <k2k@narod.ru>2021-04-19 18:39:56 +0300
committerEvgeny Grin (Karlson2k) <k2k@narod.ru>2021-04-19 18:39:56 +0300
commit4e8f86a655a7d786bdce3f1330fd8fa083df8dfe (patch)
tree7bfaa59973bf02e5dc52b3e764a7f1c6141062cd /src
parent523fa712fdc408997f8387c9fef62968c13758f2 (diff)
Added support for ALPN protocols list for TLS connections
Diffstat (limited to 'src')
-rw-r--r--src/include/microhttpd.h13
-rw-r--r--src/microhttpd/daemon.c38
-rw-r--r--src/microhttpd/internal.h7
3 files changed, 55 insertions, 3 deletions
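--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -135,7 +135,7 @@ typedef intptr_t ssize_t;
  * they are parsed as decimal numbers.
  * Example: 0x01093001 = 1.9.30-1.
  */
-#define MHD_VERSION 0x00097206
+#define MHD_VERSION 0x00097207
 
 /**
  * Operational results from MHD calls.
@@ -1743,7 +1743,16 @@ enum MHD_OPTION
  * This option should be followed by an `int` argument.
  * @note Available since #MHD_VERSION 0x00097205
  */
- MHD_OPTION_SIGPIPE_HANDLED_BY_APP = 33
+ MHD_OPTION_SIGPIPE_HANDLED_BY_APP = 33,
+
+ /**
+ * If followed by 'int' with value '1' disables usage of ALPN for TLS
+ * connections even if supported by TLS library.
+ * Valid only for daemons with #MHD_USE_TLS.
+ * This option should be followed by an `int` argument.
+ * @note Available since #MHD_VERSION 0x00097207
+ */
+ MHD_OPTION_TLS_NO_ALPN = 34
 };
 
 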
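Review bot: The doc comment for `MHD_OPTION_TLS_NO_ALPN` says ALPN is disabled when the `int` has value '1', but the parser added in daemon.c treats any non-zero value as "disable" (`va_arg (ap, int) != 0`). The header should match the implementation, e.g. `If followed by 'int' with non-zero value, disables usage of ALPN for TLS`. It would also help to document what happens when the option is absent: judging by the daemon.c hunk, MHD then advertises `http/1.1` and `http/1.0`, and only when built against GnuTLS 3.2.0 or newer, so on older GnuTLS the option has no effect.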
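--- a/src/microhttpd/daemon.c
+++ b/src/microhttpd/daemon.c
@@ -2550,6 +2550,32 @@ new_connection_prepare_ (struct MHD_Daemon *daemon,
 #endif
  return NULL;
  }
+#if (GNUTLS_VERSION_NUMBER + 0 >= 0x030200)
+ if (!daemon->disable_alpn)
+ {
+ gnutls_datum_t prts[2];
+ const char prt1[] = "http/1.1";
+ const char prt2[] = "http/1.0";
+
+ prts[0].data = (void*) prt1;
+ prts[0].size = MHD_STATICSTR_LEN_ (prt1);
+ prts[1].data = (void*) prt2;
+ prts[1].size = MHD_STATICSTR_LEN_ (prt2);
+ if (GNUTLS_E_SUCCESS !=
+ gnutls_alpn_set_protocols(connection->tls_session,
+ prts,
+ sizeof(prts) / sizeof(prts[0]),
+ 0 /* || GNUTLS_ALPN_SERVER_PRECEDENCE */))
+ {
+#ifdef HAVE_MESSAGES
+ MHD_DLOG (daemon,
+ _ ("Failed to set ALPN protocols.\n"));
+#else /* ! HAVE_MESSAGES */
+ (void) 0; /* Mute compiler warning */
+#endif /* ! HAVE_MESSAGES */
+ }
+ }
+#endif /* GNUTLS_VERSION_NUMBER >= 0x030200 */
  gnutls_session_set_ptr (connection->tls_session,
  connection);
  switch (daemon->cred_type)
@@ -5963,6 +5989,7 @@ parse_options_va (struct MHD_Daemon *daemon,
  /* all options taking 'int' */
  case MHD_OPTION_STRICT_FOR_CLIENT:
  case MHD_OPTION_SIGPIPE_HANDLED_BY_APP:
+ case MHD_OPTION_TLS_NO_ALPN:
  if (MHD_NO == parse_options (daemon,
  servaddr,
  opt,
@@ -6051,6 +6078,17 @@ parse_options_va (struct MHD_Daemon *daemon,
  int);
  }
  break;
+ case MHD_OPTION_TLS_NO_ALPN:
+ daemon->disable_alpn = (va_arg (ap,
+ int) != 0);
+#ifdef HAVE_MESSAGES
+ if (0 == (daemon->options & MHD_USE_TLS))
+ MHD_DLOG (daemon,
+ _ ("MHD HTTPS option %d passed to MHD " \
+ "but MHD_USE_TLS not set.\n"),
+ (int) opt);
+#endif /* HAVE_MESSAGES */
+ break;
  default:
 #ifdef HAVE_MESSAGES
  if ( ( (opt >= MHD_OPTION_HTTPS_MEM_KEY) &&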
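Review bot: In new_connection_prepare_, `gnutls_alpn_set_protocols()` is called with flags `0`, so ALPN stays advisory: a client whose offered list has no overlap with `http/1.1`/`http/1.0` will presumably still complete the handshake with no protocol selected, which gives up ALPN's value as a guard against cross-protocol confusion. Consider passing `GNUTLS_ALPN_MANDATORY` where the GnuTLS version in use provides it, or add a comment explaining that it is left out deliberately for compatibility. The placeholder `0 /* || GNUTLS_ALPN_SERVER_PRECEDENCE */` should use `|`, since `||` would collapse the flags to 1 if it were ever uncommented. A failure of the call is only logged and the connection carries on without ALPN; a short comment saying this is intended best-effort behaviour would help. The function body starts and ends outside the hunk.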
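--- a/src/microhttpd/internal.h
+++ b/src/microhttpd/internal.h
@@ -1889,7 +1889,12 @@ struct MHD_Daemon
  */
  bool have_dhparams;
 
-#endif /* HTTPS_SUPPORT */
+ /**
+ * true if ALPN is disabled.
+ */
+ bool disable_alpn;
+
+ #endif /* HTTPS_SUPPORT */
 
 #ifdef DAUTH_SUPPORT
 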
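Review bot: `disable_alpn` is declared inside the `HTTPS_SUPPORT` block of struct MHD_Daemon, but the new `case MHD_OPTION_TLS_NO_ALPN:` in parse_options_va (daemon.c) assigns `daemon->disable_alpn` with no guard visible in its hunk. If that case is not already inside an `#ifdef HTTPS_SUPPORT` region, builds without TLS support will fail to compile on the missing member. The safer form wraps the assignment in `#ifdef HTTPS_SUPPORT` and otherwise still consumes the argument with `(void) va_arg (ap, int);` so the option list stays aligned. The struct definition continues outside this hunk, so the surrounding guards should be confirmed against the full file.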