nghttp2/nghttp2
1
0
Fork 0
mirror of https://github.com/nghttp2/nghttp2.git synced 2025-12-07 02:28:53 +08:00
Code Issues Projects Releases Wiki Activity

nghttpx: Drop HTTP/2 backend connection unless TLSv1.2 or TLSv1.1 was negotiated

Browse Source
This commit is contained in:
Tatsuhiro Tsujikawa
2014-04-26 23:00:58 +09:00
parent 75bfbc94dd
commit a82b7f09c8
2 changed files with 19 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/shrpx_http2_session.cc
View File

@@ -257,12 +257,21 @@ void eventcb(bufferevent *bev, short events, void *ptr)
SSLOG(INFO, http2session) << "Connection established"; SSLOG(INFO, http2session) << "Connection established";
} }
http2session->set_state(Http2Session::CONNECTED); http2session->set_state(Http2Session::CONNECTED);
if((!get_config()->downstream_no_tls && if(!get_config()->downstream_no_tls) {
!get_config()->insecure && http2session->check_cert() != 0) || if(!ssl::check_http2_requirement(http2session->get_ssl()) ||
http2session->on_connect() != 0) { (!get_config()->insecure && http2session->check_cert() != 0)) {
http2session->disconnect();
return;
}
}
if(http2session->on_connect() != 0) {
http2session->disconnect(); http2session->disconnect();
return; return;
} }
int fd = bufferevent_getfd(bev); int fd = bufferevent_getfd(bev);
int val = 1; int val = 1;
if(setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, if(setsockopt(fd, IPPROTO_TCP, TCP_NODELAY,
@@ -1384,4 +1393,9 @@ size_t Http2Session::get_outbuf_length() const
} }
} }
SSL* Http2Session::get_ssl() const
{
return ssl_;
}
} // namespace shrpx } // namespace shrpx

2
src/shrpx_http2_session.h
View File

@@ -106,6 +106,8 @@ public:
size_t get_outbuf_length() const; size_t get_outbuf_length() const;
SSL* get_ssl() const;
enum { enum {
// Disconnected // Disconnected
DISCONNECTED, DISCONNECTED,