Fijxu
/
nginx-quic
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SSL: only select SPDY using NPN if "spdy" is enabled. 

OpenSSL doesn't check if the negotiated protocol has been announced.
As a result, the client might force using SPDY even if it wasn't
enabled in configuration.
This commit is contained in:
Valentin Bartenev 2015-11-05 15:01:09 +03:00
parent f38b4d5a56
commit 144aa35280
1 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/http/ngx_http_request.c
View File

@ -770,24 +770,32 @@ ngx_http_ssl_handshake_handler(ngx_connection_t *c)
{
unsigned int len;
const unsigned char *data;
ngx_http_connection_t *hc;
static const ngx_str_t spdy = ngx_string(NGX_SPDY_NPN_NEGOTIATED);
hc = c->data;
if (hc->addr_conf->spdy) {
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
SSL_get0_alpn_selected(c->ssl->connection, &data, &len);
SSL_get0_alpn_selected(c->ssl->connection, &data, &len);
#ifdef TLSEXT_TYPE_next_proto_neg
if (len == 0) {
SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len);
}
if (len == 0) {
SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len);
}
#endif
#else /* TLSEXT_TYPE_next_proto_neg */
SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len);
SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len);
#endif
if (len == spdy.len && ngx_strncmp(data, spdy.data, spdy.len) == 0) {
ngx_http_spdy_init(c->read);
return;
if (len == spdy.len
&& ngx_strncmp(data, spdy.data, spdy.len) == 0)
{
ngx_http_spdy_init(c->read);
return;
}
}
}
#endif