Skip to content

Instantly share code, notes, and snippets.

@alexzorin
Created June 7, 2018 02:59
Show Gist options
  • Save alexzorin/916162e04357d298fb23c4d7c509097d to your computer and use it in GitHub Desktop.
Save alexzorin/916162e04357d298fb23c4d7c509097d to your computer and use it in GitHub Desktop.
#include "httpd.h"
#include "http_config.h"
#include "http_protocol.h"
#include <http_log.h>
#include "ap_config.h"
#define AP_PROTOCOL_ACME_ALPN "acme/tls-1"
static int acme_alpn_protocol_propose(conn_rec *c, request_rec *r,
server_rec *s,
const apr_array_header_t *offers,
apr_array_header_t *proposals)
{
ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c, "In protocol_propose");
if (!offers)
{
return DECLINED;
}
const char *offer = AP_PROTOCOL_ACME_ALPN;
if (ap_array_str_contains(offers, offer))
{
ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c, "protocol_propose: Proposing %s", offer);
APR_ARRAY_PUSH(proposals, const char*) = offer;
return OK;
}
return DECLINED;
}
static int acme_alpn_protocol_switch(conn_rec *c, request_rec *r, server_rec *s,
const char *protocol)
{
ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c, "In protocol_switch");
/* Can't override the ServerHello lol! */
return OK;
}
static const char *acme_alpn_protocol_get(const conn_rec *c)
{
ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c, "In protocol_get: NULL");
return NULL;
}
void acme_alpn_register_hooks(apr_pool_t *pool)
{
ap_hook_protocol_propose(acme_alpn_protocol_propose, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_protocol_switch(acme_alpn_protocol_switch, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_protocol_get(acme_alpn_protocol_get, NULL, NULL, APR_HOOK_MIDDLE);
}
module AP_MODULE_DECLARE_DATA acme_alpn_module =
{
STANDARD20_MODULE_STUFF,
NULL, /* Per-directory configuration handler */
NULL, /* Merge handler for per-directory configurations */
NULL, /* Per-server configuration handler */
NULL, /* Merge handler for per-server configurations */
NULL, /* Any directives we may have for httpd */
acme_alpn_register_hooks /* Our hook registering function */
};
@dol
Copy link

dol commented Sep 1, 2018

I found your httpd module in the forum and wanted to test it out. https://community.letsencrypt.org/t/so-how-are-we-bringing-tls-alpn-to-the-masses/63824

I looked at the code of your module and the implementaton of the http2 module. I wondered why it's not working. The cause was the wrong protocol name. acme/tls-1 should be acme-tls/1.

In my fork I created a docker test environment.

My successfull tests https://gist.github.com/dol/519f98d7c0d45d5b210f8753c05cf8b4#file-serverhello-png return acme-tls/1 in the ServerHello.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment