Support ALPN #30
Merged
Support ALPN #30
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dongbeiouba
requested changes
Sep 13, 2024
conn.go
Outdated
| var protoLen C.uint | ||
| C.SSL_get0_alpn_selected(c.ssl, &proto, &protoLen) | ||
| if protoLen == 0 { | ||
| return "", nil |
.gitignore
Outdated
| .idea/ | ||
|
|
||
| # crt and key files | ||
| *.crt |
There was a problem hiding this comment.
证书和密钥可能会更新或新增,不要放到.gitignore里面
shim.c
Outdated
| @@ -179,6 +179,10 @@ long X_SSL_CTX_set_tlsext_servername_callback( | |||
| return SSL_CTX_set_tlsext_servername_callback(ctx, cb); | |||
| } | |||
|
|
|||
| void X_SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx, int (*cb)(SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg) { | |||
There was a problem hiding this comment.
直接调用SSL_CTX_set_alpn_select_cb就行,没必要封装成X_SSL_CTX_set_alpn_select_cb()
ntls_test.go
Outdated
| ret := ssl.SslSelectNextProto(out, outlen, unsafe.Pointer(&protoList[0]), uint(len(protoList)), in, inlen) | ||
|
|
||
| if ret != OPENSSL_NPN_NEGOTIATED { | ||
| return SSLTLSExtErrNoAck |
There was a problem hiding this comment.
协商失败应该返回SSL_TLSEXT_ERR_ALERT_FATAL
dongbeiouba
requested changes
Sep 13, 2024
examples/tlcp_server/main.go
Outdated
| @@ -101,6 +104,28 @@ func newNTLSServerWithSNI(acceptAddr string, certKeyPairs map[string]crypto.GMDo | |||
| return nil, err | |||
| } | |||
|
|
|||
| // Set ALPN callback | |||
| ctx.SetTLSExtAlpnCallback(func(ssl *ts.SSL, out unsafe.Pointer, outlen unsafe.Pointer, in unsafe.Pointer, inlen uint, arg unsafe.Pointer) ts.SSLTLSExtErr { | |||
There was a problem hiding this comment.
目前看觉得没有必要给应用提供SetTLSExtAlpnCallback接口,可以直接内部调用SSL_select_next_proto。
服务端设置ALPN无疑就是和客户端协商而已,所以可以统一客户和服务端接口即可。
ntls_test.go
Outdated
| @@ -608,15 +609,15 @@ func handleConn(conn net.Conn) { | |||
| } | |||
| } | |||
|
|
|||
| func TestSNI(t *testing.T) { | |||
| func TestSNIAndALPN(t *testing.T) { | |||
There was a problem hiding this comment.
SNI和ALPN测试分离,后面可能会包含更多扩展功能,独立测试
dongbeiouba
requested changes
Sep 18, 2024
ctx.go
Outdated
|
|
||
| // SetTLSExtAlpnCallback sets callback function for Application Layer Protocol Negotiation | ||
| // (ALPN) rfc7301 (https://tools.ietf.org/html/rfc7301). | ||
| func (c *Ctx) SetTLSExtAlpnCallback(alpn_cb TLSExtAlpnCallback, arg unsafe.Pointer) { |
ctx.go
Outdated
| } | ||
|
|
||
| // SetALPNProtos sets the ALPN protocol list | ||
| func (ctx *Ctx) SetALPNProtos(protos []string) error { |
There was a problem hiding this comment.
名字改一下,SetALPNProtos -> SetClientALPNProtos
examples/tlcp_server/main.go
Outdated
| @@ -101,6 +102,10 @@ func newNTLSServerWithSNI(acceptAddr string, certKeyPairs map[string]crypto.GMDo | |||
| return nil, err | |||
| } | |||
|
|
|||
| // Set ALPN | |||
| supportedProtos := []string{"h2", "http/1.1"} | |||
ssl.go
Outdated
| // It takes pointers to the output buffer, output length, server buffer, | ||
| // server length, input buffer, and input length as parameters. The function | ||
| // returns an integer indicating the result of the selection process. | ||
| func (s *SSL) SslSelectNextProto(out unsafe.Pointer, outlen unsafe.Pointer, server unsafe.Pointer, serverlen uint, in unsafe.Pointer, inlen uint) C.int { |
There was a problem hiding this comment.
SslSelectNextProto是不是也可以改成内部接口?没必要暴露吧
…he SSL/TLS context and connection handling. Added new constants, types, and functions to manage ALPN protocols. Implemented ALPN callback functions and integrated them into the server and client examples. Updated the Ctx struct to include an ALPN callback and provided methods to set ALPN protocols. Enhanced the client to specify and negotiate ALPN protocols. Added a method to retrieve the negotiated ALPN protocol from a connection. Fixed minor typos in existing constants.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Added new constants, types, and functions to manage ALPN protocols.
Implemented ALPN callback functions and integrated them into the server and client examples.
Updated the Ctx struct to include an ALPN callback and provided methods to set ALPN protocols.
Enhanced the client to specify and negotiate ALPN protocols.
Added a method to retrieve the negotiated ALPN protocol from a connection.
Fixed minor typos in existing constants.