Feature #9390
closedSupport for the ALPN TLS extension
Description
ALPN [1] is a successor [2] to NPN, support for which was added in 2.0.0 [3].
HTTP/2 [4] is using ALPN to negotiate protocol support, and the spec is moving fast -- it'd be great to have ALPN support in one of the upcoming Ruby releases. Current status of ALPN support in various TLS libraries and languages: https://github.com/http2/http2-spec/wiki/ALPN-Status.
As a side note, for anyone interested, I have an implementation of draft-06 http/2 spec: https://github.com/igrigorik/http-2
[1] http://tools.ietf.org/html/draft-friedl-tls-applayerprotoneg-02
[2] https://www.imperialviolet.org/2013/03/20/alpn.html
[3] https://bugs.ruby-lang.org/issues/6503
[4] http://tools.ietf.org/html/draft-ietf-httpbis-http2-00
Files
Updated by drbrain (Eric Hodel) almost 11 years ago
- Status changed from Open to Assigned
- Assignee set to MartinBosslet (Martin Bosslet)
Updated by cabo (Carsten Bormann) about 10 years ago
Note that RFC 7301 has published: http://tools.ietf.org/html/rfc7301
HTTP/2 is nearing completion and requires ALPN, so if Ruby wants to play in this space, ALPN needs to be done with high priority now.
Updated by igrigorik (Ilya Grigorik) almost 10 years ago
Carsten Bormann wrote:
Note that RFC 7301 has published: http://tools.ietf.org/html/rfc7301
HTTP/2 is nearing completion and requires ALPN, so if Ruby wants to play in this space, ALPN needs to be done with high priority now.
+1. Anything we can do to move this forward?
Updated by normalperson (Eric Wong) almost 10 years ago
ilya@igvita.com wrote:
+1. Anything we can do to move this forward?
A patch and test cases would be nice.
I'm mildly interested in this, too, but don't trust myself with OpenSSL.
Updated by normalperson (Eric Wong) almost 10 years ago
Note: ALPN requires OpenSSL 1.0.2, which is only in beta3 as of now
(2014/12/24). I suspect few are willing to use a beta version
of OpenSSL on their servers. But I look forward to this feature.
Updated by tbetbetbe (Tim Emiola) over 9 years ago
FYI: ALPN support landed in the recent 1.0.2 version release of openssl.
Updated by tenderlovemaking (Aaron Patterson) over 9 years ago
- File 0001-add-ALPN-extension-support.patch added
Hi, I've attached a patch that adds ALPN support. I'll apply in a week if no one has objections!
Thanks!!
Updated by normalperson (Eric Wong) over 9 years ago
tenderlove@ruby-lang.org wrote:
+ssl_alpn_select_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg) +{ + int i = 0; + VALUE sslctx_obj, cb, protocols, selected; + + sslctx_obj = (VALUE) arg; + cb = rb_iv_get(sslctx_obj, "@alpn_select_cb"); + protocols = rb_ary_new(); + + /* The format is len_1|proto_1|...|len_n|proto_n\0 */ + while (in[i]) { + VALUE protocol = rb_str_new((const char *) &in[i + 1], in[i]); + rb_ary_push(protocols, protocol); + i += in[i] + 1; + } + + selected = rb_funcall(cb, rb_intern("call"), 1, protocols); + StringValue(selected); + *out = (unsigned char *) StringValuePtr(selected); + *outlen = RSTRING_LENINT(selected);
I think we need to keep ‘selected
’ markable by GC as long as anything
may use ‘out
’ . Otherwise ‘out
’ can refer to a freed region.
Perhaps add the following here:
rb_iv_set(sslctx_obj, "@_alpn_selected", selected);
Side note: StringValue
is redundant if using StringValuePtr
Haven't looked at the rest closely, but that jumped out at me.
Updated by tenderlovemaking (Aaron Patterson) over 9 years ago
I think we need to keep ‘selected’ markable by GC as long as anything
may use ‘out’ . Otherwise ‘out’ can refer to a freed region.Perhaps add the following here:
rb_iv_set(sslctx_obj, "@_alpn_selected", selected);
Side note: StringValue is redundant if using StringValuePtr
Thanks for spotting these! I've attached a new patch with these changes.
Updated by tenderlovemaking (Aaron Patterson) over 9 years ago
- File deleted (
0001-add-ALPN-extension-support.patch)
Updated by Anonymous over 9 years ago
- Status changed from Assigned to Closed
Applied in changeset r51347.
-
ext/openssl/ossl_ssl.c: add ALPN support. [Feature #9390]
-
ext/openssl/extconf.rb: detect ALPN support in OpenSSL
-
test/openssl/test_ssl.rb: test for ALPN