polarssl: add ALPN support

PolarSSL added ALPN support in their 1.3.6 release. See: https://polarssl.org/tech-updates/releases/polarssl-1.3.6-released
2025-04-06 16:10:34 +08:00 · 2014-05-19 02:12:11 -07:00 · 2014-05-19 02:12:11 -07:00 · 1439dfb576
commit 1439dfb576
parent ac6da721a3
1 changed files with 46 additions and 2 deletions
--- a/lib/vtls/polarssl.c
+++ b/lib/vtls/polarssl.c
@ -119,6 +119,14 @@ static void polarssl_debug(void *context, int level, const char *line)
 #else
 #endif

+/* ALPN for http2? */
+#ifdef USE_NGHTTP2
+#  undef HAS_ALPN
+#  ifdef POLARSSL_SSL_ALPN
+#    define HAS_ALPN
+#  endif
+#endif
+
 static Curl_recv polarssl_recv;
 static Curl_send polarssl_send;

@ -139,11 +147,9 @@ polarssl_connect_step1(struct connectdata *conn,
 #endif
  void *old_session = NULL;
  size_t old_session_size = 0;
-
  char errorbuf[128];
  memset(errorbuf, 0, sizeof(errorbuf));

-
  /* PolarSSL only supports SSLv3 and TLSv1 */
  if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) {
    failf(data, "PolarSSL does not support SSLv2");
@ -299,6 +305,19 @@ polarssl_connect_step1(struct connectdata *conn,
                 "server name indication (SNI) TLS extension\n");
  }

+#ifdef HAS_ALPN
+  if(data->set.httpversion == CURL_HTTP_VERSION_2_0) {
+    if(data->set.ssl_enable_alpn) {
+      static const char* protocols[] = {
+        NGHTTP2_PROTO_VERSION_ID, ALPN_HTTP_1_1, NULL
+      };
+      ssl_set_alpn_protocols(&connssl->ssl, protocols);
+      infof(data, "ALPN, offering %s, %s\n", protocols[0],
+            protocols[1]);
+    }
+  }
+#endif
+
 #ifdef POLARSSL_DEBUG
  ssl_set_dbg(&connssl->ssl, polarssl_debug, data);
 #endif
@ -317,6 +336,10 @@ polarssl_connect_step2(struct connectdata *conn,
  struct ssl_connect_data* connssl = &conn->ssl[sockindex];
  char buffer[1024];

+#ifdef HAS_ALPN
+  const char* next_protocol;
+#endif
+
  char errorbuf[128];
  memset(errorbuf, 0, sizeof(errorbuf));

@ -384,6 +407,27 @@ polarssl_connect_step2(struct connectdata *conn,
      infof(data, "Dumping cert info:\n%s\n", buffer);
  }

+#ifdef HAS_ALPN
+  if(data->set.ssl_enable_alpn) {
+    next_protocol = ssl_get_alpn_protocol(&connssl->ssl);
+
+    if(next_protocol != NULL) {
+      infof(data, "ALPN, server accepted to use %s\n", next_protocol);
+
+      if(strncmp(next_protocol, NGHTTP2_PROTO_VERSION_ID,
+                  NGHTTP2_PROTO_VERSION_ID_LEN)) {
+        conn->negnpn = NPN_HTTP2;
+      }
+      else if(strncmp(next_protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH)) {
+        conn->negnpn = NPN_HTTP1_1;
+      }
+    }
+    else {
+      infof(data, "ALPN, server did not agree to a protocol\n");
+    }
+  }
+#endif
+
  connssl->connecting_state = ssl_connect_3;
  infof(data, "SSL connected\n");