ALPN implementation for the updated SSLServiceDelegate #26
Conversation
…otiate the ALPN protocol based and select one
…alling some SSL APIs
|
Closing the PR until I find a way to check the OpenSSL version and make sure it's >= 1.0.2. |
|
@shmuelk FYI |
|
Please note also that the macOS build failed as well. |
|
Thanks @billabt I fixed the macOS issues. |
…able in all versions
|
I'm now testing the OpenSSL version number with the SSLeay() which can be found in any version of the library. |
|
Logic for checking the OpenSSL version will be moved to the OpenSSL package. |
This reverts commit 7112ba8.
…for BlueSocket to latest version, updated Swift version to 3.1.1.
Requires the BlueSocket pod to be updated first
…ency to latest version.
…ft 4 and Xcode 9.
…e default. Changed to use the proper default initializer. Also, added a defaulted parameter to that constructor allowing the caller to specify whether to accept self-signed server certificates when used in client mode.
|
Reopening after the OpenSSL PR #3 dependency has been merged making this PR ready to go. |
Sources/SSLService.swift
Outdated
| @@ -330,6 +333,20 @@ public class SSLService: SSLServiceDelegate { | |||
| public private(set) var context: SSLContext? | |||
|
|
|||
| #endif | |||
|
|
|||
| // MARK: ALPN | |||
There was a problem hiding this comment.
The ALPN protocol is currently only for Linux. Please wrapper the implementation (where appropriate) in #if os(Linux).
Sources/SSLService.swift
Outdated
| @@ -330,6 +333,20 @@ public class SSLService: SSLServiceDelegate { | |||
| public private(set) var context: SSLContext? | |||
|
|
|||
| #endif | |||
|
|
|||
| // MARK: ALPN | |||
There was a problem hiding this comment.
Please update code to the latest version in master. I merged another PR today to correct a crash problem that changed a few things. Thanks.
(even thous staus was 0)
Not sure why Xcode didn’t do this by default
This is getting embarrasing. How do I make Xcode match the style / use tabs? Missed these two
Application-Layer Protocol Negotiation (ALPN) is a TLS extension allows the application-layer to negotiate which protocol will by used over the secured socket.
The main motivation for adding this support to BlueSSLService is to add support for HTTP/2 which uses this extension to choose the newer version of HTTP over the older ones.
Description
This PR follows the BlueSocket PR #67 that added new field/function to the SSLServiceDelegate protocol.
In this PR the implementation uses the OpenSSL API to register callback functions that will negotiate for a protocol based on ALPN information arriving from the client within the ClientHello message.
The implementation tries to match a supported protocol from the availableAlpnProtocols list with the protocols requested by the client. If it will find a match the response will be sent back to the client and the selected protocol will be set in the negotiatedAlpnProtocol field.
Because of limitations of the Apple Secure Transport it is still unclear how and if ALPN negotiation is possible on MacOS.
In this PR we only support the Linux environment by integrating with the OpenSSL API.
Motivation and Context
The main motivation for adding this support to BlueSSLService is to add support for HTTP/2 which uses this extension to choose the newer version of HTTP over the older ones.
How Has This Been Tested?
It has been tested with broader changes to Kitura-net and a new package under development for adding HTTP/2 support to Kitura.
Checklist: