nghttpx: Fix missing ALPN validation (--npn-list)

This commit fixes the bug that ALPN validation does not occur when ALPN list is not sent from client.

nghttpx: Fix missing ALPN validation (--npn-list)
This commit fixes the bug that ALPN validation does not occur when ALPN list is not sent from client.
74754982 · Tatsuhiro Tsujikawa · a776b0db · 74754982
Commit 74754982 authored Jan 04, 2018 by Tatsuhiro Tsujikawa
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 18 deletions

src/shrpx_client_handler.cc src/shrpx_client_handler.cc +10 -18

No files found.
--- a/src/shrpx_client_handler.cc
+++ b/src/shrpx_client_handler.cc
@@ -556,28 +556,20 @@ int ClientHandler::validate_next_proto() {
  }
 #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L

-  if (next_proto == nullptr) {
-    if (LOG_ENABLED(INFO)) {
-      CLOG(INFO, this) << "No protocol negotiated. Fallback to HTTP/1.1";
-    }
+  StringRef proto;

-    upstream_ = make_unique<HttpsUpstream>(this);
-    alpn_ = StringRef::from_lit("http/1.1");
+  if (next_proto) {
+    proto = StringRef{next_proto, next_proto_len};

-    // At this point, input buffer is already filled with some bytes.
-    // The read callback is not called until new data come. So consume
-    // input buffer here.
-    if (on_read() != 0) {
-      return -1;
+    if (LOG_ENABLED(INFO)) {
+      CLOG(INFO, this) << "The negotiated next protocol: " << proto;
+    }
+  } else {
+    if (LOG_ENABLED(INFO)) {
+      CLOG(INFO, this) << "No protocol negotiated. Fallback to HTTP/1.1";
    }

-    return 0;
-  }
-
-  auto proto = StringRef{next_proto, next_proto_len};
-
-  if (LOG_ENABLED(INFO)) {
-    CLOG(INFO, this) << "The negotiated next protocol: " << proto;
+    proto = StringRef::from_lit("http/1.1");
  }

  if (!tls::in_proto_list(get_config()->tls.npn_list, proto)) {