Feature #9390
Closed
Support for the ALPN TLS extension
Description
ALPN [1] is a successor [2] to NPN, support for which was added in 2.0.0 [3].
HTTP/2 [4] is using ALPN to negotiate protocol support, and the spec is moving fast -- it'd be great to have ALPN support in one of the upcoming Ruby releases. Current status of ALPN support in various TLS libraries and languages: https://github.com/http2/http2-spec/wiki/ALPN-Status.
As a side note, for anyone interested, I have an implementation of draft-06 http/2 spec: https://github.com/igrigorik/http-2
[1] http://tools.ietf.org/html/draft-friedl-tls-applayerprotoneg-02
[2] https://www.imperialviolet.org/2013/03/20/alpn.html
[3] https://bugs.ruby-lang.org/issues/6503
[4] http://tools.ietf.org/html/draft-ietf-httpbis-http2-00
Updated by drbrain (Eric Hodel) over 9 years ago
- Status changed from Open to Assigned
- Assignee set to MartinBosslet (Martin Bosslet)
Updated by cabo (Carsten Bormann) almost 9 years ago
Note that RFC 7301 has been published: http://tools.ietf.org/html/rfc7301
HTTP/2 is nearing completion and requires ALPN, so if Ruby wants to play in this space, ALPN needs to be done with high priority now.
Updated by igrigorik (Ilya Grigorik) over 8 years ago
Carsten Bormann wrote:
> Note that RFC 7301 has been published: http://tools.ietf.org/html/rfc7301
> HTTP/2 is nearing completion and requires ALPN, so if Ruby wants to play in this space, ALPN needs to be done with high priority now.

+1. Anything we can do to move this forward?
Updated by normalperson (Eric Wong) over 8 years ago
ilya@igvita.com wrote:
> +1. Anything we can do to move this forward?

A patch and test cases would be nice.
I'm mildly interested in this, too, but don't trust myself with OpenSSL.
Updated by normalperson (Eric Wong) over 8 years ago
Note: ALPN requires OpenSSL 1.0.2, which is only in beta3 as of now
(2014/12/24). I suspect few are willing to use a beta version
of OpenSSL on their servers. But I look forward to this feature.
Updated by tbetbetbe (Tim Emiola) over 8 years ago
FYI: ALPN support landed in the recent 1.0.2 version release of OpenSSL.
Updated by tenderlovemaking (Aaron Patterson) almost 8 years ago
- File 0001-add-ALPN-extension-support.patch added
Hi, I've attached a patch that adds ALPN support. I'll apply in a week if no one has objections!
Thanks!!
Updated by normalperson (Eric Wong) almost 8 years ago
tenderlove@ruby-lang.org wrote:
+ssl_alpn_select_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg) +{ + int i = 0; + VALUE sslctx_obj, cb, protocols, selected; + + sslctx_obj = (VALUE) arg; + cb = rb_iv_get(sslctx_obj, "@alpn_select_cb"); + protocols = rb_ary_new(); + + /* The format is len_1|proto_1|...|len_n|proto_n\0 */ + while (in[i]) { + VALUE protocol = rb_str_new((const char *) &in[i + 1], in[i]); + rb_ary_push(protocols, protocol); + i += in[i] + 1; + } + + selected = rb_funcall(cb, rb_intern("call"), 1, protocols); + StringValue(selected); + *out = (unsigned char *) StringValuePtr(selected); + *outlen = RSTRING_LENINT(selected);
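Review bot: the parsing loop `while (in[i])` never consults `inlen`, so it stops only when it happens to read a zero length byte. The comment assumes a trailing `\0`, but nothing in the visible lines guarantees one inside the `inlen` bytes the callback was handed, and a length byte larger than the remaining data makes `rb_str_new` copy past the end of `in`. Bound the walk with `while (i < inlen)` (with `i` unsigned to match `inlen`) and reject an entry when `in[i]` is zero or exceeds `inlen - i - 1`. Separately, `*outlen` is an `unsigned char` while `RSTRING_LENINT(selected)` yields an int, so a callback result that is empty or longer than 255 bytes should raise rather than be truncated silently.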
I think we need to keep ‘selected’ markable by GC as long as anything
may use ‘out’. Otherwise ‘out’ can refer to a freed region.
Perhaps add the following here:
rb_iv_set(sslctx_obj, "@_alpn_selected", selected);
Side note: StringValue is redundant if using StringValuePtr
Haven't looked at the rest closely, but that jumped out at me.
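The select callback in the quoted patch receives the client's offer as length-prefixed protocol names together with a byte count `inlen`. The following is an added example, not code from the patch or from Ruby's OpenSSL extension: a stand-alone C routine that walks that list strictly within `inlen` and returns the first server-preferred protocol. The name `alpn_select`, its return codes and the sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not from the patch. `in`/`inlen` hold the client's
 * offer as len_1|proto_1|...|len_n|proto_n; `inlen` is the only bound.
 * Returns 0 and sets *out and *outlen to a slice of `in` on a match,
 * 1 if the list is well formed but shares nothing with `prefs`,
 * -1 if it is malformed (empty name, or a name running past inlen). */
int alpn_select(const unsigned char **out, unsigned char *outlen,
                const unsigned char *in, size_t inlen,
                const char *const *prefs, size_t nprefs)
{
    size_t i, p;

    /* Pass 1: validate every entry before trusting any of them. */
    for (i = 0; i < inlen; i += (size_t)in[i] + 1) {
        if (in[i] == 0 || (size_t)in[i] > inlen - i - 1)
            return -1;
    }
    /* Pass 2: server preference order wins over client order. */
    for (p = 0; p < nprefs; p++) {
        size_t want = strlen(prefs[p]);
        for (i = 0; i < inlen; i += (size_t)in[i] + 1) {
            if ((size_t)in[i] == want &&
                memcmp(&in[i + 1], prefs[p], want) == 0) {
                *out = &in[i + 1];
                *outlen = in[i];
                return 0;
            }
        }
    }
    return 1;
}

int main(void)
{
    /* Constructed sample offer: "h2" then "http/1.1". */
    static const unsigned char offer[] = "\x02h2\x08http/1.1";
    static const char *const prefs[] = { "http/1.1", "h2" };
    const unsigned char *out = NULL;
    unsigned char outlen = 0;

    if (alpn_select(&out, &outlen, offer, sizeof(offer) - 1, prefs, 2) == 0)
        printf("selected %.*s\n", (int)outlen, (const char *)out);
    return 0;
}
```

The returned pointer aliases the input buffer, so the caller must keep that buffer alive for as long as the result is used, which is the same lifetime concern raised above for `selected`.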
Updated by tenderlovemaking (Aaron Patterson) almost 8 years ago
> I think we need to keep ‘selected’ markable by GC as long as anything
> may use ‘out’. Otherwise ‘out’ can refer to a freed region.
> Perhaps add the following here:
> rb_iv_set(sslctx_obj, "@_alpn_selected", selected);
> Side note: StringValue is redundant if using StringValuePtr

Thanks for spotting these! I've attached a new patch with these changes.
Updated by tenderlovemaking (Aaron Patterson) almost 8 years ago
- File deleted (0001-add-ALPN-extension-support.patch)
Updated by Anonymous almost 8 years ago
- Status changed from Assigned to Closed
Applied in changeset r51347.
- ext/openssl/ossl_ssl.c: add ALPN support. [Feature #9390]
- ext/openssl/extconf.rb: detect ALPN support in OpenSSL
- test/openssl/test_ssl.rb: test for ALPN