Project

General

Profile

Actions

Feature #9390

closed

Support for the ALPN TLS extension

Added by igrigorik (Ilya Grigorik) almost 11 years ago. Updated over 9 years ago.

Status:
Closed
Target version:
-
[ruby-core:<unknown>]

Description

ALPN [1] is a successor [2] to NPN, support for which was added in 2.0.0 [3].

HTTP/2 [4] is using ALPN to negotiate protocol support, and the spec is moving fast -- it'd be great to have ALPN support in one of the upcoming Ruby releases. Current status of ALPN support in various TLS libraries and languages: https://github.com/http2/http2-spec/wiki/ALPN-Status.

As a side note, for anyone interested, I have an implementation of draft-06 http/2 spec: https://github.com/igrigorik/http-2

[1] http://tools.ietf.org/html/draft-friedl-tls-applayerprotoneg-02
[2] https://www.imperialviolet.org/2013/03/20/alpn.html
[3] https://bugs.ruby-lang.org/issues/6503
[4] http://tools.ietf.org/html/draft-ietf-httpbis-http2-00


Files

0001-add-ALPN-extension-support.patch (7.78 KB) 0001-add-ALPN-extension-support.patch tenderlovemaking (Aaron Patterson), 07/15/2015 02:31 PM
Actions #1

Updated by drbrain (Eric Hodel) almost 11 years ago

  • Status changed from Open to Assigned
  • Assignee set to MartinBosslet (Martin Bosslet)

Updated by cabo (Carsten Bormann) over 10 years ago

Note that RFC 7301 has published: http://tools.ietf.org/html/rfc7301

HTTP/2 is nearing completion and requires ALPN, so if Ruby wants to play in this space, ALPN needs to be done with high priority now.

Updated by igrigorik (Ilya Grigorik) about 10 years ago

Carsten Bormann wrote:

Note that RFC 7301 has published: http://tools.ietf.org/html/rfc7301

HTTP/2 is nearing completion and requires ALPN, so if Ruby wants to play in this space, ALPN needs to be done with high priority now.

+1. Anything we can do to move this forward?

Updated by normalperson (Eric Wong) about 10 years ago

wrote:

+1. Anything we can do to move this forward?

A patch and test cases would be nice.
I'm mildly interested in this, too, but don't trust myself with OpenSSL.

Updated by normalperson (Eric Wong) almost 10 years ago

Note: ALPN requires OpenSSL 1.0.2, which is only in beta3 as of now
(2014/12/24). I suspect few are willing to use a beta version
of OpenSSL on their servers. But I look forward to this feature.

Updated by tbetbetbe (Tim Emiola) almost 10 years ago

FYI: ALPN support landed in the recent 1.0.2 version release of openssl.

Updated by tenderlovemaking (Aaron Patterson) over 9 years ago

  • File 0001-add-ALPN-extension-support.patch added

Hi, I've attached a patch that adds ALPN support. I'll apply in a week if no one has objections!

Thanks!!

Updated by normalperson (Eric Wong) over 9 years ago

wrote:

+ssl_alpn_select_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
+{
+    int i = 0;
+    VALUE sslctx_obj, cb, protocols, selected;
+
+    sslctx_obj = (VALUE) arg;
+    cb = rb_iv_get(sslctx_obj, "@alpn_select_cb");
+    protocols = rb_ary_new();
+
+    /* The format is len_1|proto_1|...|len_n|proto_n\0 */
+    while (in[i]) {
+	VALUE protocol = rb_str_new((const char *) &in[i + 1], in[i]);
+	rb_ary_push(protocols, protocol);
+	i += in[i] + 1;
+    }
+
+    selected = rb_funcall(cb, rb_intern("call"), 1, protocols);
+    StringValue(selected);
+    *out = (unsigned char *) StringValuePtr(selected);
+    *outlen = RSTRING_LENINT(selected);

I think we need to keep ‘selected’ markable by GC as long as anything
may use ‘out’ . Otherwise ‘out’ can refer to a freed region.

Perhaps add the following here:

rb_iv_set(sslctx_obj, "@_alpn_selected", selected);

Side note: StringValue is redundant if using StringValuePtr

Haven't looked at the rest closely, but that jumped out at me.

Updated by tenderlovemaking (Aaron Patterson) over 9 years ago

I think we need to keep ‘selected’ markable by GC as long as anything
may use ‘out’ . Otherwise ‘out’ can refer to a freed region.

Perhaps add the following here:

rb_iv_set(sslctx_obj, "@_alpn_selected", selected);
Side note: StringValue is redundant if using StringValuePtr

Thanks for spotting these! I've attached a new patch with these changes.

Actions #10

Updated by tenderlovemaking (Aaron Patterson) over 9 years ago

  • File deleted (0001-add-ALPN-extension-support.patch)
Actions #11

Updated by Anonymous over 9 years ago

  • Status changed from Assigned to Closed

Applied in changeset r51347.


  • ext/openssl/ossl_ssl.c: add ALPN support. [Feature #9390]

  • ext/openssl/extconf.rb: detect ALPN support in OpenSSL

  • test/openssl/test_ssl.rb: test for ALPN

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0