diff options
author | Kaspar Brand <kbrand@apache.org> | 2015-04-29 10:27:32 +0000 |
---|---|---|
committer | Kaspar Brand <kbrand@apache.org> | 2015-04-29 10:27:32 +0000 |
commit | 8063d622871c13431c98c04a60b961b4a4cc8b9e (patch) | |
tree | 33533f330401a308b4d62486fd99f06568b1ea03 | |
parent | 9db6088a18e9148f890411d10c086b4c7a7d7713 (diff) | |
download | httpd-8063d622871c13431c98c04a60b961b4a4cc8b9e.tar.gz |
Formatting and wording improvements for ALPN (no code changes)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1676709 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | modules/ssl/mod_ssl.c | 12 | ||||
-rw-r--r-- | modules/ssl/mod_ssl.h | 8 | ||||
-rw-r--r-- | modules/ssl/ssl_engine_init.c | 3 | ||||
-rw-r--r-- | modules/ssl/ssl_engine_io.c | 19 | ||||
-rw-r--r-- | modules/ssl/ssl_engine_kernel.c | 55 | ||||
-rw-r--r-- | modules/ssl/ssl_private.h | 6 |
6 files changed, 52 insertions, 51 deletions
diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index 2cb63669fe..adb76e79e5 100644 --- a/modules/ssl/mod_ssl.c +++ b/modules/ssl/mod_ssl.c @@ -454,25 +454,25 @@ static int modssl_register_alpn(conn_rec *c, { #ifdef HAVE_TLS_ALPN SSLConnRec *sslconn = myConnConfig(c); - + if (!sslconn) { return DECLINED; } - + if (!sslconn->alpn_proposefns) { sslconn->alpn_proposefns = - apr_array_make(c->pool, 5, sizeof(ssl_alpn_propose_protos)); + apr_array_make(c->pool, 5, sizeof(ssl_alpn_propose_protos)); sslconn->alpn_negofns = - apr_array_make(c->pool, 5, sizeof(ssl_alpn_proto_negotiated)); + apr_array_make(c->pool, 5, sizeof(ssl_alpn_proto_negotiated)); } - + if (advertisefn) APR_ARRAY_PUSH(sslconn->alpn_proposefns, ssl_alpn_propose_protos) = advertisefn; if (negotiatedfn) APR_ARRAY_PUSH(sslconn->alpn_negofns, ssl_alpn_proto_negotiated) = negotiatedfn; - + return OK; #else return DECLINED; diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h index 8246d49629..6ccf9a4e81 100644 --- a/modules/ssl/mod_ssl.h +++ b/modules/ssl/mod_ssl.h @@ -107,8 +107,8 @@ APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *)); * callbacks, return DONE. */ typedef int (*ssl_alpn_propose_protos)(conn_rec *connection, - apr_array_header_t *client_protos, - apr_array_header_t *proposed_protos); + apr_array_header_t *client_protos, + apr_array_header_t *proposed_protos); /** The alpn_proto_negotiated callback allows other modules to discover * the name of the protocol that was chosen during the Application-Layer @@ -119,8 +119,8 @@ typedef int (*ssl_alpn_propose_protos)(conn_rec *connection, * (i.e. insert or remove filters) and return OK. To prevent further * processing of (other modules') callbacks, return DONE. */ typedef int (*ssl_alpn_proto_negotiated)(conn_rec *connection, - const char *proto_name, - apr_size_t proto_name_len); + const char *proto_name, + apr_size_t proto_name_len); /* An optional function which can be used to register a pair of callbacks * for ALPN handling. diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index 28753a6f1a..04c244ad9a 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -648,8 +648,7 @@ static void ssl_init_ctx_callbacks(server_rec *s, SSL_CTX_set_info_callback(ctx, ssl_callback_Info); #ifdef HAVE_TLS_ALPN - SSL_CTX_set_alpn_select_cb( - ctx, ssl_callback_alpn_select, NULL); + SSL_CTX_set_alpn_select_cb(ctx, ssl_callback_alpn_select, NULL); #endif } diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c index ed09b92e22..1cc836a384 100644 --- a/modules/ssl/ssl_engine_io.c +++ b/modules/ssl/ssl_engine_io.c @@ -1496,20 +1496,23 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f, const unsigned char *next_proto = NULL; unsigned next_proto_len = 0; int n; - + if (sslconn->alpn_negofns) { SSL_get0_alpn_selected(inctx->ssl, &next_proto, &next_proto_len); ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c, - APLOGNO(02836) "SSL negotiated protocol: '%s'", - (next_proto && next_proto_len)? - apr_pstrmemdup(f->c->pool, (const char *)next_proto, - next_proto_len) : "(null)"); + APLOGNO(02836) "ALPN selected protocol: '%s'", + (next_proto && next_proto_len) ? + apr_pstrmemdup(f->c->pool, + (const char *)next_proto, + next_proto_len) : + "(null)"); for (n = 0; n < sslconn->alpn_negofns->nelts; n++) { ssl_alpn_proto_negotiated fn = - APR_ARRAY_IDX(sslconn->alpn_negofns, n, ssl_alpn_proto_negotiated); - + APR_ARRAY_IDX(sslconn->alpn_negofns, n, + ssl_alpn_proto_negotiated); + if (fn(f->c, (const char *)next_proto, next_proto_len) == DONE) - break; + break; } } inctx->alpn_finished = 1; diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index ffc2c99813..bdae6c38d1 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -2163,12 +2163,11 @@ int ssl_callback_SessionTicket(SSL *ssl, #endif /* HAVE_TLS_SESSION_TICKETS */ #ifdef HAVE_TLS_ALPN -static int ssl_array_index(apr_array_header_t *array, - const char *s) +static int ssl_array_index(apr_array_header_t *array, const char *s) { int i; for (i = 0; i < array->nelts; i++) { - const char *p = APR_ARRAY_IDX(array, i, const char*); + const char *p = APR_ARRAY_IDX(array, i, const char *); if (!strcmp(p, s)) { return i; } @@ -2178,21 +2177,20 @@ static int ssl_array_index(apr_array_header_t *array, /* * Compare two ALPN protocol proposal. Result is similar to strcmp(): - * 0 gives same precedence, >0 means proto1 is prefered. + * 0 gives same precedence, >0 means proto1 is preferred. */ static int ssl_cmp_alpn_protos(modssl_ctx_t *ctx, const char *proto1, const char *proto2) { - /* TODO: we should have a mod_ssl configuration parameter. */ if (ctx && ctx->ssl_alpn_pref) { int index1 = ssl_array_index(ctx->ssl_alpn_pref, proto1); int index2 = ssl_array_index(ctx->ssl_alpn_pref, proto2); if (index2 > index1) { - return (index1 >= 0)? 1 : -1; + return (index1 >= 0) ? 1 : -1; } else if (index1 > index2) { - return (index2 >= 0)? -1 : 1; + return (index2 >= 0) ? -1 : 1; } } /* both have the same index (mabye -1 or no pref configured) and we compare @@ -2202,26 +2200,27 @@ static int ssl_cmp_alpn_protos(modssl_ctx_t *ctx, } /* - * This callback function is executed when the TLS Application Layer - * Protocol Negotiate Extension (ALPN, RFC 7301) is triggered by the client - * hello, giving a list of desired protocol names (in descending preference) + * This callback function is executed when the TLS Application-Layer + * Protocol Negotiation Extension (ALPN, RFC 7301) is triggered by the Client + * Hello, giving a list of desired protocol names (in descending preference) * to the server. * The callback has to select a protocol name or return an error if none of - * the clients preferences is supported. + * the clients preferences is supported. * The selected protocol does not have to be on the client list, according * to RFC 7301, so no checks are performed. - * The client protocol list is serialized as length byte followed by ascii + * The client protocol list is serialized as length byte followed by ASCII * characters (not null-terminated), followed by the next protocol name. */ int ssl_callback_alpn_select(SSL *ssl, const unsigned char **out, unsigned char *outlen, - const unsigned char *in, unsigned int inlen, void *arg) + const unsigned char *in, unsigned int inlen, + void *arg) { conn_rec *c = (conn_rec*)SSL_get_app_data(ssl); SSLConnRec *sslconn = myConnConfig(c); - server_rec *s = mySrvFromConn(c); + server_rec *s = mySrvFromConn(c); SSLSrvConfigRec *sc = mySrvConfig(s); - modssl_ctx_t *mctx = myCtxConfig(sslconn, sc); + modssl_ctx_t *mctx = myCtxConfig(sslconn, sc); const char *alpn_http1 = "http/1.1"; apr_array_header_t *client_protos; apr_array_header_t *proposed_protos; @@ -2233,42 +2232,42 @@ int ssl_callback_alpn_select(SSL *ssl, if (c == NULL) { return SSL_TLSEXT_ERR_OK; } - + if (inlen == 0) { // someone tries to trick us? ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02837) "ALPN client protocol list empty"); return SSL_TLSEXT_ERR_ALERT_FATAL; } - + client_protos = apr_array_make(c->pool, 0, sizeof(char *)); for (i = 0; i < inlen; /**/) { unsigned int plen = in[i++]; if (plen + i > inlen) { // someone tries to trick us? ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02838) - "ALPN protocol identier too long"); + "ALPN protocol identifier too long"); return SSL_TLSEXT_ERR_ALERT_FATAL; } - APR_ARRAY_PUSH(client_protos, char*) = + APR_ARRAY_PUSH(client_protos, char *) = apr_pstrndup(c->pool, (const char *)in+i, plen); i += plen; } - + proposed_protos = apr_array_make(c->pool, client_protos->nelts+1, sizeof(char *)); - + if (sslconn->alpn_proposefns != NULL) { - /* Invoke our alpn_propos_proto hooks, giving other modules a chance to + /* Invoke our alpn_propose functions, giving other modules a chance to * propose protocol names for selection. We might have several such - * hooks installed and if two make a proposal, we need to give + * functions installed and if two make a proposal, we need to give * preference to one. */ for (i = 0; i < sslconn->alpn_proposefns->nelts; i++) { ssl_alpn_propose_protos fn = APR_ARRAY_IDX(sslconn->alpn_proposefns, i, ssl_alpn_propose_protos); - + if (fn(c, client_protos, proposed_protos) == DONE) break; } @@ -2286,17 +2285,17 @@ int ssl_callback_alpn_select(SSL *ssl, *outlen = (unsigned char)strlen(alpn_http1); return SSL_TLSEXT_ERR_OK; } - + /* Now select the most preferred protocol from the proposals. */ *out = APR_ARRAY_IDX(proposed_protos, 0, const unsigned char *); for (i = 1; i < proposed_protos->nelts; ++i) { - const char *proto = APR_ARRAY_IDX(proposed_protos, i, const char*); + const char *proto = APR_ARRAY_IDX(proposed_protos, i, const char *); /* Do we prefer it over existing candidate? */ if (ssl_cmp_alpn_protos(mctx, (const char *)*out, proto) < 0) { - *out = (const unsigned char*)proto; + *out = (const unsigned char *)proto; } } - + len = strlen((const char*)*out); if (len > 255) { ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02840) diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h index 91d5068410..8a441f1c05 100644 --- a/modules/ssl/ssl_private.h +++ b/modules/ssl/ssl_private.h @@ -440,8 +440,8 @@ typedef struct { #ifdef HAVE_TLS_ALPN /* Poor man's inter-module optional hooks for ALPN. */ - apr_array_header_t *alpn_proposefns; /* list of ssl_alpn_propose_protos callbacks */ - apr_array_header_t *alpn_negofns; /* list of ssl_alpn_proto_negotiated callbacks. */ + apr_array_header_t *alpn_proposefns; /* list of ALPN propose callbacks */ + apr_array_header_t *alpn_negofns; /* list of ALPN negotiation callbacks. */ #endif server_rec *server; @@ -626,7 +626,7 @@ typedef struct { #endif #ifdef HAVE_TLS_ALPN - apr_array_header_t *ssl_alpn_pref; /* protocol names in order of preference */ + apr_array_header_t *ssl_alpn_pref; /* list of ALPN protocol IDs */ #endif } modssl_ctx_t; |