Feature #9390

closed

Support for the ALPN TLS extension

Added by igrigorik (Ilya Grigorik) about 10 years ago. Updated over 8 years ago.

Status:
Closed
Target version:
-
[ruby-core:<unknown>]

Description

ALPN [1] is a successor [2] to NPN, support for which was added in 2.0.0 [3].

HTTP/2 [4] is using ALPN to negotiate protocol support, and the spec is moving fast -- it'd be great to have ALPN support in one of the upcoming Ruby releases. Current status of ALPN support in various TLS libraries and languages: https://github.com/http2/http2-spec/wiki/ALPN-Status.

As a side note, for anyone interested, I have an implementation of draft-06 http/2 spec: https://github.com/igrigorik/http-2

[1] http://tools.ietf.org/html/draft-friedl-tls-applayerprotoneg-02
[2] https://www.imperialviolet.org/2013/03/20/alpn.html
[3] https://bugs.ruby-lang.org/issues/6503
[4] http://tools.ietf.org/html/draft-ietf-httpbis-http2-00


Files

0001-add-ALPN-extension-support.patch (7.78 KB), tenderlovemaking (Aaron Patterson), 07/15/2015 02:31 PM

Updated by drbrain (Eric Hodel) about 10 years ago

  • Status changed from Open to Assigned
  • Assignee set to MartinBosslet (Martin Bosslet)

Updated by cabo (Carsten Bormann) over 9 years ago

Note that RFC 7301 has been published: http://tools.ietf.org/html/rfc7301

HTTP/2 is nearing completion and requires ALPN, so if Ruby wants to play in this space, ALPN needs to be done with high priority now.

Updated by igrigorik (Ilya Grigorik) over 9 years ago

Carsten Bormann wrote:

> Note that RFC 7301 has been published: http://tools.ietf.org/html/rfc7301
>
> HTTP/2 is nearing completion and requires ALPN, so if Ruby wants to play in this space, ALPN needs to be done with high priority now.

+1. Anything we can do to move this forward?

Updated by normalperson (Eric Wong) over 9 years ago

wrote:

> +1. Anything we can do to move this forward?

A patch and test cases would be nice.
I'm mildly interested in this, too, but don't trust myself with OpenSSL.

Updated by normalperson (Eric Wong) over 9 years ago

Note: ALPN requires OpenSSL 1.0.2, which is only in beta3 as of now
(2014/12/24). I suspect few are willing to use a beta version
of OpenSSL on their servers. But I look forward to this feature.

Updated by tbetbetbe (Tim Emiola) about 9 years ago

FYI: ALPN support landed in the recent 1.0.2 version release of openssl.

Updated by tenderlovemaking (Aaron Patterson) over 8 years ago

  • File 0001-add-ALPN-extension-support.patch added

Hi, I've attached a patch that adds ALPN support. I'll apply in a week if no one has objections!

Thanks!!

Updated by normalperson (Eric Wong) over 8 years ago

wrote:

+ssl_alpn_select_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
+{
+    int i = 0;
+    VALUE sslctx_obj, cb, protocols, selected;
+
+    sslctx_obj = (VALUE) arg;
+    cb = rb_iv_get(sslctx_obj, "@alpn_select_cb");
+    protocols = rb_ary_new();
+
+    /* The format is len_1|proto_1|...|len_n|proto_n\0 */
+    while (in[i]) {
+	VALUE protocol = rb_str_new((const char *) &in[i + 1], in[i]);
+	rb_ary_push(protocols, protocol);
+	i += in[i] + 1;
+    }
+
+    selected = rb_funcall(cb, rb_intern("call"), 1, protocols);
+    StringValue(selected);
+    *out = (unsigned char *) StringValuePtr(selected);
+    *outlen = RSTRING_LENINT(selected);
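
Review bot: The parsing loop `while (in[i])` never consults `inlen`, so it stops only if a zero byte happens to follow the list. The protocol list passed to the ALPN select callback is delimited by `inlen` and has no terminator, so this can read past the end of the buffer. Bound the walk with `i < inlen` and reject any entry where `in[i] + 1` runs past `inlen` before calling `rb_str_new`. Separately, `rb_funcall` can raise from inside the OpenSSL callback with no protection visible in this hunk, and nothing checks that `selected` is one of the offered protocols or that its length fits the one-byte `*outlen`.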

I think we need to keep ‘selected’ markable by GC as long as anything
may use ‘out’. Otherwise ‘out’ can refer to a freed region.

Perhaps add the following here:

rb_iv_set(sslctx_obj, "@_alpn_selected", selected);

Side note: StringValue is redundant if using StringValuePtr

Haven't looked at the rest closely, but that jumped out at me.

Updated by tenderlovemaking (Aaron Patterson) over 8 years ago

> I think we need to keep ‘selected’ markable by GC as long as anything
> may use ‘out’. Otherwise ‘out’ can refer to a freed region.
>
> Perhaps add the following here:
>
>     rb_iv_set(sslctx_obj, "@_alpn_selected", selected);
>
> Side note: StringValue is redundant if using StringValuePtr

Thanks for spotting these! I've attached a new patch with these changes.


Updated by tenderlovemaking (Aaron Patterson) over 8 years ago

  • File deleted (0001-add-ALPN-extension-support.patch)

Updated by Anonymous over 8 years ago

  • Status changed from Assigned to Closed

Applied in changeset r51347.


  • ext/openssl/ossl_ssl.c: add ALPN support. [Feature #9390]
  • ext/openssl/extconf.rb: detect ALPN support in OpenSSL
  • test/openssl/test_ssl.rb: test for ALPN
