Google Git
Sign in
apache / trafficserver / f2af6f71d4b91e972d59783655baed387a5a6689 / . / iocore / net / SSLNextProtocolSet.cc
blob: 99df1f8a4db74bbb06d983f067e3dff4e93301a2 [file] [log] [blame]
/** @file
SSLNextProtocolSet
@section license License
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#include "tscore/ink_config.h"
#include "ts/apidefs.h"
#include "tscore/ink_platform.h"
#include "P_SSLNextProtocolSet.h"
#include "tscpp/util/TextView.h"
// For currently defined protocol strings, see
// http://technotes.googlecode.com/git/nextprotoneg.html. The OpenSSL
// documentation tells us to return a string in "wire format". The
// draft NPN RFC helpfully refuses to document the wire format. The
// above link says we need to send length-prefixed strings, but does
// not say how many bytes the length is. For the record, it's 1.
unsigned char *
append_protocol(const char *proto, unsigned char *buf)
{
size_t sz = strlen(proto);
*buf++ = static_cast<unsigned char>(sz);
memcpy(buf, proto, sz);
return buf + sz;
}
bool
SSLNextProtocolSet::create_npn_advertisement(const SessionProtocolSet &enabled, unsigned char **npn, size_t *len) const
{
const SSLNextProtocolSet::NextProtocolEndpoint *ep;
unsigned char *advertised;
if (*npn) {
ats_free(*npn);
*npn = nullptr;
}
*len = 0;
for (ep = endpoints.head; ep != nullptr; ep = endpoints.next(ep)) {
ink_release_assert((strlen(ep->protocol) > 0));
*len += (strlen(ep->protocol) + 1);
}
*npn = advertised = static_cast<unsigned char *>(ats_malloc(*len));
if (!(*npn)) {
goto fail;
}
for (ep = endpoints.head; ep != nullptr; ep = endpoints.next(ep)) {
if (enabled.contains(globalSessionProtocolNameRegistry.toIndex(ts::TextView{ep->protocol, strlen(ep->protocol)}))) {
Debug("ssl", "advertising protocol %s, %p", ep->protocol, ep->endpoint);
advertised = append_protocol(ep->protocol, advertised);
}
}
return true;
fail:
ats_free(*npn);
*npn = nullptr;
*len = 0;
return false;
}
bool
SSLNextProtocolSet::registerEndpoint(const char *proto, Continuation *ep)
{
size_t len = strlen(proto);
// Both ALPN and NPN only allow 255 bytes of protocol name.
if (len > 255) {
return false;
}
if (!findEndpoint(reinterpret_cast<const unsigned char *>(proto), len)) {
this->endpoints.push(new NextProtocolEndpoint(proto, ep));
return true;
}
return false;
}
Continuation *
SSLNextProtocolSet::findEndpoint(const unsigned char *proto, unsigned len) const
{
for (const NextProtocolEndpoint *ep = this->endpoints.head; ep != nullptr; ep = this->endpoints.next(ep)) {
size_t sz = strlen(ep->protocol);
if (sz == len && memcmp(ep->protocol, proto, len) == 0) {
return ep->endpoint;
}
}
return nullptr;
}
SSLNextProtocolSet::SSLNextProtocolSet() {}
SSLNextProtocolSet::~SSLNextProtocolSet()
{
for (NextProtocolEndpoint *ep; (ep = this->endpoints.pop());) {
delete ep;
}
}
SSLNextProtocolSet::NextProtocolEndpoint::NextProtocolEndpoint(const char *_proto, Continuation *_ep)
: protocol(_proto), endpoint(_ep)
{
}
SSLNextProtocolSet::NextProtocolEndpoint::~NextProtocolEndpoint() {}