luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used

Browse Source 
Previously libcurl would use the HTTP/1.1 ALPN id even when the
application specified HTTP/1.0.

Reported-by: William Tang
Ref: #10183
This commit is contained in:
Daniel Stenberg 2022-12-30 17:37:11 +01:00
parent 49f39dfac9
commit df856cb5c9
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
10 changed files with 164 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
lib/vtls/bearssl.c
View File

@ -698,19 +698,25 @@ static CURLcode bearssl_connect_step1(struct Curl_cfilter *cf,
* protocols array in `struct ssl_backend_data`. * protocols array in `struct ssl_backend_data`.
*/ */
#ifdef USE_HTTP2 if(data->state.httpwant == CURL_HTTP_VERSION_1_0) {
if(data->state.httpwant >= CURL_HTTP_VERSION_2 backend->protocols[cur++] = ALPN_HTTP_1_0;
#ifndef CURL_DISABLE_PROXY infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_0);
&& (!Curl_ssl_cf_is_proxy(cf) || !cf->conn->bits.tunnel_proxy)
#endif
) {
backend->protocols[cur++] = ALPN_H2;
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
} }
else {
#ifdef USE_HTTP2
if(data->state.httpwant >= CURL_HTTP_VERSION_2
#ifndef CURL_DISABLE_PROXY
&& (!Curl_ssl_cf_is_proxy(cf) || !cf->conn->bits.tunnel_proxy)
#endif
) {
backend->protocols[cur++] = ALPN_H2;
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
}
#endif #endif
backend->protocols[cur++] = ALPN_HTTP_1_1; backend->protocols[cur++] = ALPN_HTTP_1_1;
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1); infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
}
br_ssl_engine_set_protocol_names(&backend->ctx.eng, br_ssl_engine_set_protocol_names(&backend->ctx.eng,
backend->protocols, cur); backend->protocols, cur);

33
lib/vtls/gtls.c
View File

@ -704,23 +704,28 @@ gtls_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
int cur = 0; int cur = 0;
gnutls_datum_t protocols[2]; gnutls_datum_t protocols[2];
#ifdef USE_HTTP2 if(data->state.httpwant == CURL_HTTP_VERSION_1_0) {
if(data->state.httpwant >= CURL_HTTP_VERSION_2 protocols[cur].data = (unsigned char *)ALPN_HTTP_1_0;
#ifndef CURL_DISABLE_PROXY protocols[cur++].size = ALPN_HTTP_1_0_LENGTH;
&& (!Curl_ssl_cf_is_proxy(cf) || !cf->conn->bits.tunnel_proxy) infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_0);
#endif
) {
protocols[cur].data = (unsigned char *)ALPN_H2;
protocols[cur].size = ALPN_H2_LENGTH;
cur++;
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
} }
else {
#ifdef USE_HTTP2
if(data->state.httpwant >= CURL_HTTP_VERSION_2
#ifndef CURL_DISABLE_PROXY
&& (!Curl_ssl_cf_is_proxy(cf) || !cf->conn->bits.tunnel_proxy)
#endif
) {
protocols[cur].data = (unsigned char *)ALPN_H2;
protocols[cur++].size = ALPN_H2_LENGTH;
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
}
#endif #endif
protocols[cur].data = (unsigned char *)ALPN_HTTP_1_1; protocols[cur].data = (unsigned char *)ALPN_HTTP_1_1;
protocols[cur].size = ALPN_HTTP_1_1_LENGTH; protocols[cur++].size = ALPN_HTTP_1_1_LENGTH;
cur++; infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1); }
if(gnutls_alpn_set_protocols(backend->gtls.session, protocols, cur, 0)) { if(gnutls_alpn_set_protocols(backend->gtls.session, protocols, cur, 0)) {
failf(data, "failed setting ALPN"); failf(data, "failed setting ALPN");

11
lib/vtls/mbedtls.c
View File

@ -650,11 +650,16 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
#ifdef HAS_ALPN #ifdef HAS_ALPN
if(cf->conn->bits.tls_enable_alpn) { if(cf->conn->bits.tls_enable_alpn) {
const char **p = &backend->protocols[0]; const char **p = &backend->protocols[0];
if(data->state.httpwant == CURL_HTTP_VERSION_1_0) {
*p++ = ALPN_HTTP_1_0;
}
else {
#ifdef USE_HTTP2 #ifdef USE_HTTP2
if(data->state.httpwant >= CURL_HTTP_VERSION_2) if(data->state.httpwant >= CURL_HTTP_VERSION_2)
*p++ = ALPN_H2; *p++ = ALPN_H2;
#endif #endif
*p++ = ALPN_HTTP_1_1; *p++ = ALPN_HTTP_1_1;
}
*p = NULL; *p = NULL;
/* this function doesn't clone the protocols array, which is why we need /* this function doesn't clone the protocols array, which is why we need
to keep it around */ to keep it around */

35
lib/vtls/nss.c
View File

@ -896,6 +896,10 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg)
!memcmp(ALPN_HTTP_1_1, buf, ALPN_HTTP_1_1_LENGTH)) { !memcmp(ALPN_HTTP_1_1, buf, ALPN_HTTP_1_1_LENGTH)) {
cf->conn->alpn = CURL_HTTP_VERSION_1_1; cf->conn->alpn = CURL_HTTP_VERSION_1_1;
} }
else if(buflen == ALPN_HTTP_1_0_LENGTH &&
!memcmp(ALPN_HTTP_1_0, buf, ALPN_HTTP_1_0_LENGTH)) {
cf->conn->alpn = CURL_HTTP_VERSION_1_0;
}
/* This callback might get called when PR_Recv() is used within /* This callback might get called when PR_Recv() is used within
* close_one() during a connection shutdown. At that point there might not * close_one() during a connection shutdown. At that point there might not
@ -2167,20 +2171,27 @@ static CURLcode nss_setup_connect(struct Curl_cfilter *cf,
int cur = 0; int cur = 0;
unsigned char protocols[128]; unsigned char protocols[128];
#ifdef USE_HTTP2 if(data->state.httpwant == CURL_HTTP_VERSION_1_0) {
if(data->state.httpwant >= CURL_HTTP_VERSION_2 protocols[cur++] = ALPN_HTTP_1_0_LENGTH;
#ifndef CURL_DISABLE_PROXY memcpy(&protocols[cur], ALPN_HTTP_1_0, ALPN_HTTP_1_0_LENGTH);
&& (!Curl_ssl_cf_is_proxy(cf) || !cf->conn->bits.tunnel_proxy) cur += ALPN_HTTP_1_0_LENGTH;
#endif
) {
protocols[cur++] = ALPN_H2_LENGTH;
memcpy(&protocols[cur], ALPN_H2, ALPN_H2_LENGTH);
cur += ALPN_H2_LENGTH;
} }
else {
#ifdef USE_HTTP2
if(data->state.httpwant >= CURL_HTTP_VERSION_2
#ifndef CURL_DISABLE_PROXY
&& (!Curl_ssl_cf_is_proxy(cf) || !cf->conn->bits.tunnel_proxy)
#endif #endif
protocols[cur++] = ALPN_HTTP_1_1_LENGTH; ) {
memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH); protocols[cur++] = ALPN_H2_LENGTH;
cur += ALPN_HTTP_1_1_LENGTH; memcpy(&protocols[cur], ALPN_H2, ALPN_H2_LENGTH);
cur += ALPN_H2_LENGTH;
}
#endif
protocols[cur++] = ALPN_HTTP_1_1_LENGTH;
memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
cur += ALPN_HTTP_1_1_LENGTH;
}
if(SSL_SetNextProtoNego(backend->handle, protocols, cur) != SECSuccess) if(SSL_SetNextProtoNego(backend->handle, protocols, cur) != SECSuccess)
goto error; goto error;

39
lib/vtls/openssl.c
View File

@ -3642,25 +3642,32 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
int cur = 0; int cur = 0;
unsigned char protocols[128]; unsigned char protocols[128];
#ifdef USE_HTTP2 if(data->state.httpwant == CURL_HTTP_VERSION_1_0) {
if(data->state.httpwant >= CURL_HTTP_VERSION_2 protocols[cur++] = ALPN_HTTP_1_0_LENGTH;
#ifndef CURL_DISABLE_PROXY memcpy(&protocols[cur], ALPN_HTTP_1_0, ALPN_HTTP_1_0_LENGTH);
&& (!Curl_ssl_cf_is_proxy(cf) || !cf->conn->bits.tunnel_proxy) cur += ALPN_HTTP_1_0_LENGTH;
#endif infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_0);
) {
protocols[cur++] = ALPN_H2_LENGTH;
memcpy(&protocols[cur], ALPN_H2, ALPN_H2_LENGTH);
cur += ALPN_H2_LENGTH;
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
} }
else {
#ifdef USE_HTTP2
if(data->state.httpwant >= CURL_HTTP_VERSION_2
#ifndef CURL_DISABLE_PROXY
&& (!Curl_ssl_cf_is_proxy(cf) || !cf->conn->bits.tunnel_proxy)
#endif
) {
protocols[cur++] = ALPN_H2_LENGTH;
memcpy(&protocols[cur], ALPN_H2, ALPN_H2_LENGTH);
cur += ALPN_H2_LENGTH;
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
}
#endif #endif
protocols[cur++] = ALPN_HTTP_1_1_LENGTH; protocols[cur++] = ALPN_HTTP_1_1_LENGTH;
memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH); memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
cur += ALPN_HTTP_1_1_LENGTH; cur += ALPN_HTTP_1_1_LENGTH;
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1); infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
}
/* expects length prefixed preference ordered list of protocols in wire /* expects length prefixed preference ordered list of protocols in wire
* format * format
*/ */

36
lib/vtls/rustls.c
View File

@ -349,22 +349,40 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data,
char errorbuf[256]; char errorbuf[256];
size_t errorlen; size_t errorlen;
int result; int result;
rustls_slice_bytes alpn[2] = {
{ (const uint8_t *)ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH },
{ (const uint8_t *)ALPN_H2, ALPN_H2_LENGTH },
};
DEBUGASSERT(backend); DEBUGASSERT(backend);
rconn = backend->conn; rconn = backend->conn;
config_builder = rustls_client_config_builder_new(); config_builder = rustls_client_config_builder_new();
if(data->state.httpwant == CURL_HTTP_VERSION_1_0) {
rustls_slice_bytes alpn[] = {
{ (const uint8_t *)ALPN_HTTP_1_0, ALPN_HTTP_1_0_LENGTH }
};
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_0);
rustls_client_config_builder_set_alpn_protocols(config_builder, alpn, 1);
}
else {
rustls_slice_bytes alpn[2] = {
{ (const uint8_t *)ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH },
{ (const uint8_t *)ALPN_H2, ALPN_H2_LENGTH },
};
#ifdef USE_HTTP2 #ifdef USE_HTTP2
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2); if(data->state.httpwant >= CURL_HTTP_VERSION_2
rustls_client_config_builder_set_alpn_protocols(config_builder, alpn, 2); #ifndef CURL_DISABLE_PROXY
#else && (!Curl_ssl_cf_is_proxy(cf) || !cf->conn->bits.tunnel_proxy)
rustls_client_config_builder_set_alpn_protocols(config_builder, alpn, 1);
#endif #endif
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1); ) {
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
rustls_client_config_builder_set_alpn_protocols(config_builder, alpn, 2);
}
else
#endif
{
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
rustls_client_config_builder_set_alpn_protocols(config_builder, alpn, 1);
}
}
if(!verifypeer) { if(!verifypeer) {
rustls_client_config_builder_dangerous_set_certificate_verifier( rustls_client_config_builder_dangerous_set_certificate_verifier(
config_builder, cr_verify_none); config_builder, cr_verify_none);

28
lib/vtls/schannel.c
View File

@ -1215,19 +1215,27 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
list_start_index = cur; list_start_index = cur;
#ifdef USE_HTTP2 if(data->state.httpwant == CURL_HTTP_VERSION_1_0) {
if(data->state.httpwant >= CURL_HTTP_VERSION_2) { alpn_buffer[cur++] = ALPN_HTTP_1_0_LENGTH;
alpn_buffer[cur++] = ALPN_H2_LENGTH; memcpy(&alpn_buffer[cur], ALPN_HTTP_1_0, ALPN_HTTP_1_0_LENGTH);
memcpy(&alpn_buffer[cur], ALPN_H2, ALPN_H2_LENGTH); cur += ALPN_HTTP_1_0_LENGTH;
cur += ALPN_H2_LENGTH; infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_0);
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
} }
else {
#ifdef USE_HTTP2
if(data->state.httpwant >= CURL_HTTP_VERSION_2) {
alpn_buffer[cur++] = ALPN_H2_LENGTH;
memcpy(&alpn_buffer[cur], ALPN_H2, ALPN_H2_LENGTH);
cur += ALPN_H2_LENGTH;
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
}
#endif #endif
alpn_buffer[cur++] = ALPN_HTTP_1_1_LENGTH; alpn_buffer[cur++] = ALPN_HTTP_1_1_LENGTH;
memcpy(&alpn_buffer[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH); memcpy(&alpn_buffer[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
cur += ALPN_HTTP_1_1_LENGTH; cur += ALPN_HTTP_1_1_LENGTH;
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1); infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
}
*list_len = curlx_uitous(cur - list_start_index); *list_len = curlx_uitous(cur - list_start_index);
*extension_len = *list_len + sizeof(unsigned int) + sizeof(unsigned short); *extension_len = *list_len + sizeof(unsigned int) + sizeof(unsigned short);

27
lib/vtls/sectransp.c
View File

@ -1790,20 +1790,25 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf,
CFMutableArrayRef alpnArr = CFArrayCreateMutable(NULL, 0, CFMutableArrayRef alpnArr = CFArrayCreateMutable(NULL, 0,
&kCFTypeArrayCallBacks); &kCFTypeArrayCallBacks);
#ifdef USE_HTTP2 if(data->state.httpwant == CURL_HTTP_VERSION_1_0) {
if(data->state.httpwant >= CURL_HTTP_VERSION_2 CFArrayAppendValue(alpnArr, CFSTR(ALPN_HTTP_1_0));
#ifndef CURL_DISABLE_PROXY infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_0);
&& (!isproxy || !cf->conn->bits.tunnel_proxy)
#endif
) {
CFArrayAppendValue(alpnArr, CFSTR(ALPN_H2));
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
} }
else {
#ifdef USE_HTTP2
if(data->state.httpwant >= CURL_HTTP_VERSION_2
#ifndef CURL_DISABLE_PROXY
&& (!isproxy || !cf->conn->bits.tunnel_proxy)
#endif
) {
CFArrayAppendValue(alpnArr, CFSTR(ALPN_H2));
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
}
#endif #endif
CFArrayAppendValue(alpnArr, CFSTR(ALPN_HTTP_1_1)); CFArrayAppendValue(alpnArr, CFSTR(ALPN_HTTP_1_1));
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1); infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
}
/* expects length prefixed preference ordered list of protocols in wire /* expects length prefixed preference ordered list of protocols in wire
* format * format
*/ */

2
lib/vtls/vtls.h
View File

@ -69,6 +69,8 @@ CURLsslset Curl_init_sslset_nolock(curl_sslbackend id, const char *name,
/* see https://www.iana.org/assignments/tls-extensiontype-values/ */ /* see https://www.iana.org/assignments/tls-extensiontype-values/ */
#define ALPN_HTTP_1_1_LENGTH 8 #define ALPN_HTTP_1_1_LENGTH 8
#define ALPN_HTTP_1_1 "http/1.1" #define ALPN_HTTP_1_1 "http/1.1"
#define ALPN_HTTP_1_0_LENGTH 8
#define ALPN_HTTP_1_0 "http/1.0"
#define ALPN_H2_LENGTH 2 #define ALPN_H2_LENGTH 2
#define ALPN_H2 "h2" #define ALPN_H2 "h2"

19
lib/vtls/wolfssl.c
View File

@ -640,16 +640,21 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
/* wolfSSL's ALPN protocol name list format is a comma separated string of /* wolfSSL's ALPN protocol name list format is a comma separated string of
protocols in descending order of preference, eg: "h2,http/1.1" */ protocols in descending order of preference, eg: "h2,http/1.1" */
#ifdef USE_HTTP2 if(data->state.httpwant == CURL_HTTP_VERSION_1_0) {
if(data->state.httpwant >= CURL_HTTP_VERSION_2) { strcpy(protocols, ALPN_HTTP_1_0);
strcpy(protocols + strlen(protocols), ALPN_H2 ","); infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_0);
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
} }
else {
#ifdef USE_HTTP2
if(data->state.httpwant >= CURL_HTTP_VERSION_2) {
strcpy(protocols + strlen(protocols), ALPN_H2 ",");
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
}
#endif #endif
strcpy(protocols + strlen(protocols), ALPN_HTTP_1_1); strcpy(protocols + strlen(protocols), ALPN_HTTP_1_1);
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1); infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
}
if(wolfSSL_UseALPN(backend->handle, protocols, if(wolfSSL_UseALPN(backend->handle, protocols,
(unsigned)strlen(protocols), (unsigned)strlen(protocols),
WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) != SSL_SUCCESS) { WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) != SSL_SUCCESS) {