tls, crypto: add ALPN Support #2564
Conversation
shigeki
added
tls
| @@ -1154,6 +1163,12 @@ void SSLWrap<Base>::AddMethods(Environment* env, Handle<FunctionTemplate> t) { | |||
| env->SetProtoMethod(t, "setNPNProtocols", SetNPNProtocols); | |||
| #endif | |||
|
|
|||
| #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation | |||
| NODE_SET_PROTOTYPE_METHOD(t, "getALPNNegotiatedProtocol", | |||
There was a problem hiding this comment.
What if we will always set and declare them, but just leave their implementations empty in case of absent ALPN support?
There was a problem hiding this comment.
@shigeki I guess you can leave the #ifdef out. I remember from the last review that it looked like it wouldn't compile with ALPN disabled but maybe I saw that wrong.
There was a problem hiding this comment.
I removed #ifdef here and fixed to have declaration to avoid compile errors and also changed NODE_SET_PROTOTYPE_METHOD macro into env->SetProtoMethod.
|
@shigeki this test is awesome, thanks! Some nits, otherwise looking good. |
|
@indutny Thanks very much for your quick review. I fixed this according your comments and I also found that Test12 was wrong to be duplicated from Test11 and fixed it to the test case of Server: NPN, Client: Nothing. Can I land this? |
| @@ -951,9 +962,10 @@ exports.connect = function(/* [port, host], options, cb */) { | |||
| options.host || | |||
| (options.socket && options.socket._host) || | |||
| 'localhost', | |||
| NPN = {}, | |||
| NPN = {}, ALPN = {}, | |||
There was a problem hiding this comment.
Please put it on the next line.
There was a problem hiding this comment.
Okay, I will fix this.
|
The milestone was deleted not to block 4.0 release. @indutny Sorry, I am in a vacation from today and will work on this on the next Saturday. |
|
What's the status of this? I may have a future dependency on http2 in a project and no ALPN may be a blocker. |
|
In Chrome, "Disable HTTP/2 over NPN (with OpenSSL)" https://codereview.chromium.org/1387363004 was landed today. It is better to include this in 5.0 I've rebased this against the latest master and CI is https://ci.nodejs.org/job/node-test-commit/912/ . Something wrong with tests environments is on freebsd and windows and plinux test failures are tick-processor.js and test-debug-args.js that are nothing to do with this PR. Otherwise tests are green. @indutny Your comments are included in shigeki@9625a82. LGTM? |
|
@argon Sorry for being late. I've just update this. Thanks for patience. |
|
Thanks for the update! |
|
|
||
| <!-- type=misc --> | ||
|
|
||
| NPN (Next Protocol Negotiation) and SNI (Server Name Indication) are TLS | ||
| ALPN(Application-Layer Protocol Negotiation Extension), NPN (Next |
|
@nodejs/crypto I attempted a backport of this but all the tests blew up. This is touching far too much code for me to comfortable backport. Would someone be able to get a one in next week? |
|
Okay, I can work it next week. |
|
@MylesBorins I've just submitted the PR of #10831 . |
cherry-pick 802a2e7 from v6-staging. ALPN is added to tls according to RFC7301, which supersedes NPN. When the server receives both NPN and ALPN extensions from the client, ALPN takes precedence over NPN and the server does not send NPN extension to the client. alpnProtocol in TLSSocket always returns false when no selected protocol exists by ALPN. In https server, http/1.1 token is always set when no options.ALPNProtocols exists. PR-URL: #2564 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
cherry-pick 802a2e7 from v6-staging. ALPN is added to tls according to RFC7301, which supersedes NPN. When the server receives both NPN and ALPN extensions from the client, ALPN takes precedence over NPN and the server does not send NPN extension to the client. alpnProtocol in TLSSocket always returns false when no selected protocol exists by ALPN. In https server, http/1.1 token is always set when no options.ALPNProtocols exists. PR-URL: #2564 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
cherry-pick 802a2e7 from v6-staging. ALPN is added to tls according to RFC7301, which supersedes NPN. When the server receives both NPN and ALPN extensions from the client, ALPN takes precedence over NPN and the server does not send NPN extension to the client. alpnProtocol in TLSSocket always returns false when no selected protocol exists by ALPN. In https server, http/1.1 token is always set when no options.ALPNProtocols exists. PR-URL: #2564 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Notable Changes: * child_process: add shell option to spawn() (cjihrig) #4598 * crypto: * add ALPN Support (Shigeki Ohtsu) #2564 * allow adding extra certs to well-known CAs (Sam Roberts) #9139 * deps: * v8: expose statistics about heap spaces (Ben Ripkens) #4463 * fs: add the fs.mkdtemp() function. (Florian MARGAINE) #5333 * process: * add `externalMemory` to `process` (Fedor Indutny) #9587 * add process.cpuUsage() (Patrick Mueller) #10796
Notable Changes: * child_process: add shell option to spawn() (cjihrig) #4598 * crypto: * add ALPN Support (Shigeki Ohtsu) #2564 * allow adding extra certs to well-known CAs (Sam Roberts) #9139 * deps: * v8: expose statistics about heap spaces (Ben Ripkens) #4463 * fs: add the fs.mkdtemp() function. (Florian MARGAINE) #5333 * process: * add `externalMemory` to `process` (Fedor Indutny) #9587 * add process.cpuUsage() (Patrick Mueller) #10796 PR-URL: #10973
Notable Changes:
* child_process: add shell option to spawn() (cjihrig)
nodejs/node#4598
* crypto:
* add ALPN Support (Shigeki Ohtsu)
nodejs/node#2564
* allow adding extra certs to well-known CAs (Sam Roberts)
nodejs/node#9139
* deps:
* v8: expose statistics about heap spaces (Ben Ripkens)
nodejs/node#4463
* fs: add the fs.mkdtemp() function. (Florian MARGAINE)
nodejs/node#5333
* process:
* add `externalMemory` to `process` (Fedor Indutny)
nodejs/node#9587
* add process.cpuUsage() (Patrick Mueller)
nodejs/node#10796
Signed-off-by: Ilkka Myller <ilkka.myller@nodefield.com>
Notable Changes:
* child_process: add shell option to spawn() (cjihrig)
nodejs/node#4598
* crypto:
* add ALPN Support (Shigeki Ohtsu)
nodejs/node#2564
* allow adding extra certs to well-known CAs (Sam Roberts)
nodejs/node#9139
* deps:
* v8: expose statistics about heap spaces (Ben Ripkens)
nodejs/node#4463
* fs: add the fs.mkdtemp() function. (Florian MARGAINE)
nodejs/node#5333
* process:
* add `externalMemory` to `process` (Fedor Indutny)
nodejs/node#9587
* add process.cpuUsage() (Patrick Mueller)
nodejs/node#10796
Signed-off-by: Ilkka Myller <ilkka.myller@nodefield.com>
PR-URL: nodejs#54982 Refs: nodejs@aa0308d Refs: nodejs@9010f5f Refs: nodejs@52a40e0 Refs: nodejs@b3ef289 Refs: nodejs#2564 Refs: nodejs#25819 Refs: nodejs#27311 Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
PR-URL: nodejs#54982 Refs: nodejs@aa0308d Refs: nodejs@9010f5f Refs: nodejs@52a40e0 Refs: nodejs@b3ef289 Refs: nodejs#2564 Refs: nodejs#25819 Refs: nodejs#27311 Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
PR-URL: nodejs#54982 Refs: nodejs@aa0308d Refs: nodejs@9010f5f Refs: nodejs@52a40e0 Refs: nodejs@b3ef289 Refs: nodejs#2564 Refs: nodejs#25819 Refs: nodejs#27311 Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
ALPN is added to tls according to RFC7301, which supersedes NPN.
When the server receives both NPN and ALPN extensions from the client, ALPN takes precedence over NPN and the server does not send NPN extension to the client. alpnProtocol in TLSSocket always returns false when no selected protocol exists by ALPN.
In https server, http/1.1 token is always set when no options.ALPNProtocols exists.
Here exist all 16x3 test cases of combination of ALPN and NPN in a server and a client. Tests shows that there are some inconsistent returns in NPN between the server and the client but they are not changed for compatibility.
NPN in Chrome will be deprecated in early 2016 as in http://blog.chromium.org/2015/02/hello-http2-goodbye-spdy-http-is_9.html so it is better to include ALPN support in Node 4.0.
R= @nodejs/crypto