Commit a82b7f09 authored by Tatsuhiro Tsujikawa's avatar Tatsuhiro Tsujikawa

nghttpx: Drop HTTP/2 backend connection unless TLSv1.2 or TLSv1.1 was negotiated

parent 75bfbc94
...@@ -257,12 +257,21 @@ void eventcb(bufferevent *bev, short events, void *ptr) ...@@ -257,12 +257,21 @@ void eventcb(bufferevent *bev, short events, void *ptr)
SSLOG(INFO, http2session) << "Connection established"; SSLOG(INFO, http2session) << "Connection established";
} }
http2session->set_state(Http2Session::CONNECTED); http2session->set_state(Http2Session::CONNECTED);
if((!get_config()->downstream_no_tls && if(!get_config()->downstream_no_tls) {
!get_config()->insecure && http2session->check_cert() != 0) || if(!ssl::check_http2_requirement(http2session->get_ssl()) ||
http2session->on_connect() != 0) { (!get_config()->insecure && http2session->check_cert() != 0)) {
http2session->disconnect();
return;
}
}
if(http2session->on_connect() != 0) {
http2session->disconnect(); http2session->disconnect();
return; return;
} }
int fd = bufferevent_getfd(bev); int fd = bufferevent_getfd(bev);
int val = 1; int val = 1;
if(setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, if(setsockopt(fd, IPPROTO_TCP, TCP_NODELAY,
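Review bot: The new inner condition in eventcb folds the TLS requirement check and the certificate check into one `||`, so either failure ends in the same `http2session->disconnect()` with no message visible in this hunk, and an operator cannot tell a rejected protocol version from a rejected certificate. Unless `ssl::check_http2_requirement` logs on its own (its body is not shown here), split the two tests and log before disconnecting, for example `SSLOG(INFO, http2session) << "TLS requirement for HTTP/2 not met";` with whatever severity the project uses for connection failures. Keeping the version check outside the `insecure` gate, as written, is correct and should stay, since `insecure` then relaxes only certificate validation. The commit title says TLSv1.1 is accepted, while RFC 7540 section 9.2 requires TLS 1.2 or higher, so the accepted set inside the helper is worth confirming. eventcb begins and ends outside the hunk.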
...@@ -1384,4 +1393,9 @@ size_t Http2Session::get_outbuf_length() const ...@@ -1384,4 +1393,9 @@ size_t Http2Session::get_outbuf_length() const
} }
} }
SSL* Http2Session::get_ssl() const
{
return ssl_;
}
} // namespace shrpx } // namespace shrpx
...@@ -106,6 +106,8 @@ public: ...@@ -106,6 +106,8 @@ public:
size_t get_outbuf_length() const; size_t get_outbuf_length() const;
SSL* get_ssl() const;
enum { enum {
// Disconnected // Disconnected
DISCONNECTED, DISCONNECTED,
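Review bot: The new declaration `SSL* get_ssl() const;` carries no comment on ownership or on when the pointer is valid, and it hands a mutable `SSL*` out of a const accessor. A comment such as `// Returns the session's SSL object without transferring ownership; may be nullptr if no TLS connection has been set up (confirm).` would tell callers not to free it and to check it before use. The definition shown on this page returns `ssl_` directly, so callers get that member in whatever state it is in. The class body starts and ends outside the hunk.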
......