From shinr...@apache.org
Subject [trafficserver] 04/04: Refactor the alpn/npn handling into common ALPNSupport class
Date Mon, 12 Aug 2019 17:16:17 GMT
This is an automated email from the ASF dual-hosted git repository.

shinrich pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 548368334753553468f3fbabe41f4e09342afa33
Author: Susan Hinrichs <shinrich@oath.com>
AuthorDate: Wed Aug 7 19:24:34 2019 +0000

    Refactor the alpn/npn handling into common ALPNSupport class
---
 iocore/net/ALPNSupport.cc             | 82 +++++++++++++++++++++++++++++++++++
 iocore/net/Makefile.am                |  2 +
 iocore/net/P_ALPNSupport.h            | 71 ++++++++++++++++++++++++++++++
 iocore/net/P_QUICNetVConnection.h     | 23 +++-------
 iocore/net/P_SNIActionPerformer.h     |  2 +-
 iocore/net/P_SSLNetVConnection.h      | 29 +------------
 iocore/net/QUICNetVConnection.cc      | 36 +++------------
 iocore/net/QUICNextProtocolAccept.cc  |  3 +-
 iocore/net/SSLNetVConnection.cc       | 60 ++++---------------------
 iocore/net/SSLNextProtocolAccept.cc   |  1 -
 iocore/net/quic/Mock.h                | 26 -----------
 iocore/net/quic/QUICConnection.h      | 14 +++---
 src/traffic_server/InkAPI.cc          | 13 +++---
 tests/gold_tests/h2/h2disable.test.py |  3 +-
 tests/gold_tests/h2/h2enable.test.py  |  1 +
 15 files changed, 193 insertions(+), 173 deletions(-)

diff --git a/iocore/net/ALPNSupport.cc b/iocore/net/ALPNSupport.cc
new file mode 100644
index 0000000..bf6874c
--- /dev/null
+++ b/iocore/net/ALPNSupport.cc
@@ -0,0 +1,82 @@
+/** @file
+
+  ALPNSupport.cc provides implmentations for ALPNSupport methods
+
+  @section license License
+
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+ */
+
+#include "P_ALPNSupport.h"
+#include "P_SSLNextProtocolSet.h"
+#include "records/I_RecHttp.h"
+
+void
+ALPNSupport::clear()
+{
+  if (npn) {
+    ats_free(npn);
+    npn   = nullptr;
+    npnsz = 0;
+  }
+  npnSet      = nullptr;
+  npnEndpoint = nullptr;
+}
+
+bool
+ALPNSupport::setSelectedProtocol(const unsigned char *proto, unsigned int len)
+{
+  // If there's no NPN set, we should not have done this negotiation.
+  ink_assert(this->npnSet != nullptr);
+
+  this->npnEndpoint = this->npnSet->findEndpoint(proto, static_cast<unsigned>(len));
+  this->npnSet      = nullptr;
+
+  if (this->npnEndpoint == nullptr) {
+    Error("failed to find registered SSL endpoint for '%.*s'", len, proto);
+    return false;
+  }
+  return true;
+}
+
+void
+ALPNSupport::disableProtocol(int idx)
+{
+  this->protoenabled.markOut(idx);
+  // Update the npn string
+  if (npnSet) {
+    npnSet->create_npn_advertisement(protoenabled, &npn, &npnsz);
+  }
+}
+
+void
+ALPNSupport::enableProtocol(int idx)
+{
+  this->protoenabled.markIn(idx);
+  // Update the npn string
+  if (npnSet) {
+    npnSet->create_npn_advertisement(protoenabled, &npn, &npnsz);
+  }
+}
+
+void
+ALPNSupport::registerNextProtocolSet(SSLNextProtocolSet *s, const SessionProtocolSet &protos)
+{
+  this->protoenabled = protos;
+  this->npnSet       = s;
+  npnSet->create_npn_advertisement(protoenabled, &npn, &npnsz);
+}
diff --git a/iocore/net/Makefile.am b/iocore/net/Makefile.am
index 898eb9b..2ec6f4e 100644
--- a/iocore/net/Makefile.am
+++ b/iocore/net/Makefile.am
@@ -86,6 +86,7 @@ test_UDPNet_SOURCES = \
 	test_I_UDPNet.cc
 
 libinknet_a_SOURCES = \
+        ALPNSupport.cc \
 	BIO_fastopen.cc \
 	BIO_fastopen.h \
 	Connection.cc \
@@ -102,6 +103,7 @@ libinknet_a_SOURCES = \
 	YamlSNIConfig.cc \
 	Net.cc \
 	NetVConnection.cc \
+        P_ALPNSupport.h \
 	P_SNIActionPerformer.h \
 	P_CompletionUtil.h \
 	P_Connection.h \
diff --git a/iocore/net/P_ALPNSupport.h b/iocore/net/P_ALPNSupport.h
new file mode 100644
index 0000000..75970da
--- /dev/null
+++ b/iocore/net/P_ALPNSupport.h
@@ -0,0 +1,71 @@
+/** @file
+
+  ALPNSupport implements common methods and members to
+  support protocols for ALPN negotiation
+
+  @section license License
+
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+ */
+
+#pragma once
+#include "records/I_RecHttp.h"
+
+class SSLNextProtocolSet;
+class SSLNextProtocolAccept;
+class Continuation;
+
+class ALPNSupport
+{
+public:
+  void registerNextProtocolSet(SSLNextProtocolSet *, const SessionProtocolSet &protos);
+  void disableProtocol(int idx);
+  void enableProtocol(int idx);
+  void clear();
+  bool setSelectedProtocol(const unsigned char *proto, unsigned int len);
+
+  Continuation *
+  endpoint() const
+  {
+    return npnEndpoint;
+  }
+
+  bool
+  getNPN(const unsigned char **out, unsigned int *outlen) const
+  {
+    if (this->npn && this->npnsz) {
+      *out    = this->npn;
+      *outlen = this->npnsz;
+      return true;
+    }
+    return false;
+  }
+
+  const SSLNextProtocolSet *
+  getNextProtocolSet() const
+  {
+    return npnSet;
+  }
+
+private:
+  const SSLNextProtocolSet *npnSet = nullptr;
+  SessionProtocolSet protoenabled;
+  // Local copies of the npn strings
+  unsigned char *npn        = nullptr;
+  size_t npnsz              = 0;
+  Continuation *npnEndpoint = nullptr;
+};
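Review bot: ALPNSupport owns the `npn` buffer, which ALPNSupport.cc releases with `ats_free` only inside `clear()`, yet the class declares no destructor and leaves copying implicit. A copied object would share the pointer and free it twice, and a derived class that never calls `clear()` leaks it. Consider `ALPNSupport(const ALPNSupport &) = delete;` and `ALPNSupport &operator=(const ALPNSupport &) = delete;`, plus a comment above `clear()` saying that derived classes must call it from their own teardown. `getNPN` also stores the `size_t` `npnsz` into an `unsigned int` without a range check; the advertisement is presumably small, but a comment or `static_cast<unsigned int>` would make the narrowing deliberate.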
diff --git a/iocore/net/P_QUICNetVConnection.h b/iocore/net/P_QUICNetVConnection.h
index d9a0adb..925a4fe 100644
--- a/iocore/net/P_QUICNetVConnection.h
+++ b/iocore/net/P_QUICNetVConnection.h
@@ -127,7 +127,11 @@ class SSLNextProtocolSet;
  *    WRITE:
  *      Do nothing
  **/
-class QUICNetVConnection : public UnixNetVConnection, public QUICConnection, public QUICFrameGenerator,
public RefCountObj
+class QUICNetVConnection : public UnixNetVConnection,
+                           public QUICConnection,
+                           public QUICFrameGenerator,
+                           public RefCountObj,
+                           public ALPNSupport
 {
   using super = UnixNetVConnection; ///< Parent type.
 
@@ -171,15 +175,6 @@ public:
   int select_next_protocol(SSL *ssl, const unsigned char **out, unsigned char *outlen, const
unsigned char *in,
                            unsigned inlen) const override;
 
-  void
-  setEnabledProtocols(const SessionProtocolSet &protos)
-  {
-    this->_protoenabled = protos;
-  }
-
-  // QUICNetVConnection
-  void registerNextProtocolSet(SSLNextProtocolSet *s);
-
   // QUICConnection
   QUICStreamManager *stream_manager() override;
   void close(QUICConnectionErrorUPtr error) override;
@@ -195,8 +190,6 @@ public:
   const QUICFiveTuple five_tuple() const override;
   uint32_t pmtu() const override;
   NetVConnectionContext_t direction() const override;
-  SSLNextProtocolSet *next_protocol_set() const override;
-  const SessionProtocolSet &get_enabled_protocols() const override;
   std::string_view negotiated_application_name() const override;
   bool is_closed() const override;
 
@@ -245,12 +238,6 @@ private:
 
   uint32_t _pmtu = 1280;
 
-  SSLNextProtocolSet *_next_protocol_set = nullptr;
-  SessionProtocolSet _protoenabled;
-  // Local copies of the npn strings
-  unsigned char *_npn = nullptr;
-  size_t _npnsz       = 0;
-
   // TODO: use custom allocator and make them std::unique_ptr or std::shared_ptr
   // or make them just member variables.
   QUICHandshake *_handshake_handler                 = nullptr;
diff --git a/iocore/net/P_SNIActionPerformer.h b/iocore/net/P_SNIActionPerformer.h
index 1de840c..5e9f352 100644
--- a/iocore/net/P_SNIActionPerformer.h
+++ b/iocore/net/P_SNIActionPerformer.h
@@ -55,7 +55,7 @@ public:
     if (ssl_vc) {
       if (!enable_h2) {
         ssl_vc->disableProtocol(TS_ALPN_PROTOCOL_INDEX_HTTP_2_0);
-      } else if (enable_h2) {
+      } else {
         ssl_vc->enableProtocol(TS_ALPN_PROTOCOL_INDEX_HTTP_2_0);
       }
     }
diff --git a/iocore/net/P_SSLNetVConnection.h b/iocore/net/P_SSLNetVConnection.h
index ef3b625..0240ee7 100644
--- a/iocore/net/P_SSLNetVConnection.h
+++ b/iocore/net/P_SSLNetVConnection.h
@@ -42,7 +42,7 @@
 #include "P_EventSystem.h"
 #include "P_UnixNetVConnection.h"
 #include "P_UnixNet.h"
-#include "records/I_RecHttp.h"
+#include "P_ALPNSupport.h"
 
 // These are included here because older OpenSSL libraries don't have them.
 // Don't copy these defines, or use their values directly, they are merely
@@ -68,8 +68,6 @@
 #define SSL_DEF_TLS_RECORD_BYTE_THRESHOLD 1000000
 #define SSL_DEF_TLS_RECORD_MSEC_THRESHOLD 1000
 
-class SSLNextProtocolSet;
-class SSLNextProtocolAccept;
 struct SSLCertLookup;
 
 typedef enum {
@@ -88,7 +86,7 @@ enum SSLHandshakeStatus { SSL_HANDSHAKE_ONGOING, SSL_HANDSHAKE_DONE, SSL_HANDSHA
 //  A VConnection for a network socket.
 //
 //////////////////////////////////////////////////////////////////
-class SSLNetVConnection : public UnixNetVConnection
+class SSLNetVConnection : public UnixNetVConnection, public ALPNSupport
 {
   typedef UnixNetVConnection super; ///< Parent type.
 
@@ -142,7 +140,6 @@ public:
   int sslClientHandShakeEvent(int &err);
   void net_read_io(NetHandler *nh, EThread *lthread) override;
   int64_t load_buffer_and_write(int64_t towrite, MIOBufferAccessor &buf, int64_t &total_written,
int &needs) override;
-  void registerNextProtocolSet(SSLNextProtocolSet *, const SessionProtocolSet &protos);
   void do_io_close(int lerrno = -1) override;
 
   ////////////////////////////////////////////////////////////
@@ -156,21 +153,6 @@ public:
   static int select_next_protocol(SSL *ssl, const unsigned char **out, unsigned char *outlen,
const unsigned char *in,
                                   unsigned inlen, void *);
 
-  Continuation *
-  endpoint() const
-  {
-    return npnEndpoint;
-  }
-
-  void disableProtocol(int idx);
-  void enableProtocol(int idx);
-
-  void
-  setEnabledProtocols(const SessionProtocolSet &protos)
-  {
-    this->protoenabled = protos;
-  }
-
   bool
   getSSLClientRenegotiationAbort() const
   {
@@ -459,13 +441,6 @@ private:
     HANDSHAKE_HOOKS_DONE
   } sslHandshakeHookState = HANDSHAKE_HOOKS_PRE;
 
-  const SSLNextProtocolSet *npnSet = nullptr;
-  Continuation *npnEndpoint        = nullptr;
-  SessionProtocolSet protoenabled;
-  // Local copies of the npn strings
-  unsigned char *npn = nullptr;
-  size_t npnsz       = 0;
-
   int64_t redoWriteSize       = 0;
   char *tunnel_host           = nullptr;
   in_port_t tunnel_port       = 0;
diff --git a/iocore/net/QUICNetVConnection.cc b/iocore/net/QUICNetVConnection.cc
index 36f55cc..6755703 100644
--- a/iocore/net/QUICNetVConnection.cc
+++ b/iocore/net/QUICNetVConnection.cc
@@ -503,11 +503,7 @@ QUICNetVConnection::free(EThread *t)
 
     super::clear();
   */
-  if (this->_npn) {
-    ats_free(this->_npn);
-    this->_npn   = nullptr;
-    this->_npnsz = 0;
-  }
+  ALPNSupport::clear();
   this->_packet_handler->close_connection(this);
 }
 
@@ -1019,23 +1015,18 @@ QUICNetVConnection::protocol_contains(std::string_view prefix) const
   return retval;
 }
 
-void
-QUICNetVConnection::registerNextProtocolSet(SSLNextProtocolSet *s)
-{
-  this->_next_protocol_set = s;
-  this->_next_protocol_set->create_npn_advertisement(this->_protoenabled, &this->_npn,
&this->_npnsz);
-}
-
 // ALPN TLS extension callback. Given the client's set of offered
 // protocols, we have to select a protocol to use for this session.
 int
 QUICNetVConnection::select_next_protocol(SSL *ssl, const unsigned char **out, unsigned char
*outlen, const unsigned char *in,
                                          unsigned inlen) const
 {
-  if (this->_npn && this->_npnsz) {
+  const unsigned char *npnptr = nullptr;
+  unsigned int npnsize        = 0;
+  if (this->getNPN(&npnptr, &npnsize)) {
     // SSL_select_next_proto chooses the first server-offered protocol that appears in the
clients protocol set, ie. the
     // server selects the protocol. This is a n^2 search, so it's preferable to keep the
protocol set short.
-    if (SSL_select_next_proto((unsigned char **)out, outlen, this->_npn, this->_npnsz,
in, inlen) == OPENSSL_NPN_NEGOTIATED) {
+    if (SSL_select_next_proto((unsigned char **)out, outlen, npnptr, npnsize, in, inlen)
== OPENSSL_NPN_NEGOTIATED) {
       Debug("ssl", "selected ALPN protocol %.*s", (int)(*outlen), *out);
       return SSL_TLSEXT_ERR_OK;
     }
@@ -1052,18 +1043,6 @@ QUICNetVConnection::is_closed() const
   return this->handler == reinterpret_cast<NetVConnHandler>(&QUICNetVConnection::state_connection_closed);
 }
 
-SSLNextProtocolSet *
-QUICNetVConnection::next_protocol_set() const
-{
-  return this->_next_protocol_set;
-}
-
-const SessionProtocolSet &
-QUICNetVConnection::get_enabled_protocols() const
-{
-  return this->_protoenabled;
-}
-
 QUICPacketNumber
 QUICNetVConnection::_largest_acked_packet_number(QUICEncryptionLevel level) const
 {
@@ -2049,11 +2028,10 @@ QUICNetVConnection::_start_application()
     }
 
     if (netvc_context == NET_VCONNECTION_IN) {
-      Continuation *endpoint = this->_next_protocol_set->findEndpoint(app_name, app_name_len);
-      if (endpoint == nullptr) {
+      if (!this->setSelectedProtocol(app_name, app_name_len)) {
         this->_handle_error(std::make_unique<QUICConnectionError>(QUICTransErrorCode::VERSION_NEGOTIATION_ERROR));
       } else {
-        endpoint->handleEvent(NET_EVENT_ACCEPT, this);
+        this->endpoint()->handleEvent(NET_EVENT_ACCEPT, this);
       }
     } else {
       this->action_.continuation->handleEvent(NET_EVENT_OPEN, this);
diff --git a/iocore/net/QUICNextProtocolAccept.cc b/iocore/net/QUICNextProtocolAccept.cc
index 4662a09..53faf43 100644
--- a/iocore/net/QUICNextProtocolAccept.cc
+++ b/iocore/net/QUICNextProtocolAccept.cc
@@ -54,8 +54,7 @@ QUICNextProtocolAccept::mainEvent(int event, void *edata)
   switch (event) {
   case NET_EVENT_ACCEPT:
     ink_release_assert(netvc != nullptr);
-    netvc->setEnabledProtocols(this->protoenabled);
-    netvc->registerNextProtocolSet(&this->protoset);
+    netvc->registerNextProtocolSet(&this->protoset, this->protoenabled);
     return EVENT_CONT;
   default:
     netvc->do_io_close();
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index 2dbe2d9..309391c 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -25,7 +25,6 @@
 #include "tscore/EventNotify.h"
 #include "tscore/I_Layout.h"
 #include "tscore/TSSystemState.h"
-#include "records/I_RecHttp.h"
 
 #include "InkAPIInternal.h" // Added to include the ssl_hook definitions
 #include "Log.h"
@@ -34,7 +33,6 @@
 #include "HttpConfig.h"
 
 #include "P_Net.h"
-#include "P_SSLNextProtocolSet.h"
 #include "P_SSLUtils.h"
 #include "P_SSLConfig.h"
 #include "P_SSLClientUtils.h"
@@ -42,6 +40,7 @@
 #include "BIO_fastopen.h"
 #include "SSLStats.h"
 #include "SSLInternal.h"
+#include "P_ALPNSupport.h"
 
 #include <climits>
 #include <string>
@@ -889,11 +888,7 @@ SSLNetVConnection::clear()
     SSL_free(ssl);
     ssl = nullptr;
   }
-  if (npn) {
-    ats_free(npn);
-    npn   = nullptr;
-    npnsz = 0;
-  }
+  ALPNSupport::clear();
 
   sslHandshakeStatus          = SSL_HANDSHAKE_ONGOING;
   sslHandshakeBeginTime       = 0;
@@ -904,8 +899,6 @@ SSLNetVConnection::clear()
 
   curHook         = nullptr;
   hookOpRequested = SSL_HOOK_OP_DEFAULT;
-  npnSet          = nullptr;
-  npnEndpoint     = nullptr;
   free_handshake_buffers();
 
   super::clear();
@@ -1268,17 +1261,9 @@ SSLNetVConnection::sslServerHandShakeEvent(int &err)
       }
 
       if (len) {
-        // If there's no NPN set, we should not have done this negotiation.
-        ink_assert(this->npnSet != nullptr);
-
-        this->npnEndpoint = this->npnSet->findEndpoint(proto, len);
-        this->npnSet      = nullptr;
-
-        if (this->npnEndpoint == nullptr) {
-          Error("failed to find registered SSL endpoint for '%.*s'", (int)len, (const char
*)proto);
+        if (!this->setSelectedProtocol(proto, len)) {
           return EVENT_ERROR;
         }
-
         Debug("ssl", "client selected next protocol '%.*s'", len, proto);
       } else {
         Debug("ssl", "client did not select a next protocol");
@@ -1457,34 +1442,6 @@ SSLNetVConnection::sslClientHandShakeEvent(int &err)
   return EVENT_CONT;
 }
 
-void
-SSLNetVConnection::disableProtocol(int idx)
-{
-  this->protoenabled.markOut(idx);
-  // Update the npn string
-  if (npnSet) {
-    npnSet->create_npn_advertisement(protoenabled, &npn, &npnsz);
-  }
-}
-
-void
-SSLNetVConnection::enableProtocol(int idx)
-{
-  this->protoenabled.markIn(idx);
-  // Update the npn string
-  if (npnSet) {
-    npnSet->create_npn_advertisement(protoenabled, &npn, &npnsz);
-  }
-}
-
-void
-SSLNetVConnection::registerNextProtocolSet(SSLNextProtocolSet *s, const SessionProtocolSet
&protos)
-{
-  this->protoenabled = protos;
-  this->npnSet       = s;
-  npnSet->create_npn_advertisement(protoenabled, &npn, &npnsz);
-}
-
 // NextProtocolNegotiation TLS extension callback. The NPN extension
 // allows the client to select a preferred protocol, so all we have
 // to do here is tell them what out protocol set is.
@@ -1495,13 +1452,10 @@ SSLNetVConnection::advertise_next_protocol(SSL *ssl, const unsigned
char **out,
 
   ink_release_assert(netvc != nullptr);
 
-  if (netvc->npn && netvc->npnsz) {
-    *out    = netvc->npn;
-    *outlen = netvc->npnsz;
+  if (netvc->getNPN(out, outlen)) {
     // Successful return tells OpenSSL to advertise.
     return SSL_TLSEXT_ERR_OK;
   }
-
   return SSL_TLSEXT_ERR_NOACK;
 }
 
@@ -1514,10 +1468,12 @@ SSLNetVConnection::select_next_protocol(SSL *ssl, const unsigned char
**out, uns
   SSLNetVConnection *netvc = SSLNetVCAccess(ssl);
 
   ink_release_assert(netvc != nullptr);
-  if (netvc->npn && netvc->npnsz) {
+  const unsigned char *npnptr = nullptr;
+  unsigned int npnsize        = 0;
+  if (netvc->getNPN(&npnptr, &npnsize)) {
     // SSL_select_next_proto chooses the first server-offered protocol that appears in the
clients protocol set, ie. the
     // server selects the protocol. This is a n^2 search, so it's preferable to keep the
protocol set short.
-    if (SSL_select_next_proto((unsigned char **)out, outlen, netvc->npn, netvc->npnsz,
in, inlen) == OPENSSL_NPN_NEGOTIATED) {
+    if (SSL_select_next_proto((unsigned char **)out, outlen, npnptr, npnsize, in, inlen)
== OPENSSL_NPN_NEGOTIATED) {
       Debug("ssl", "selected ALPN protocol %.*s", (int)(*outlen), *out);
       return SSL_TLSEXT_ERR_OK;
     }
diff --git a/iocore/net/SSLNextProtocolAccept.cc b/iocore/net/SSLNextProtocolAccept.cc
index 7d4b39f..942bf02 100644
--- a/iocore/net/SSLNextProtocolAccept.cc
+++ b/iocore/net/SSLNextProtocolAccept.cc
@@ -135,7 +135,6 @@ SSLNextProtocolAccept::mainEvent(int event, void *edata)
     // force the SSLNetVConnection to complete the SSL handshake. Don't tell
     // the endpoint that there is an accept to handle until the read completes
     // and we know which protocol was negotiated.
-    netvc->setEnabledProtocols(this->protoenabled);
     netvc->registerNextProtocolSet(&this->protoset, this->protoenabled);
     netvc->do_io_read(new SSLNextProtocolTrampoline(this, netvc->mutex), 0, this->buffer);
     return EVENT_CONT;
diff --git a/iocore/net/quic/Mock.h b/iocore/net/quic/Mock.h
index cb107c9..d4692b0 100644
--- a/iocore/net/quic/Mock.h
+++ b/iocore/net/quic/Mock.h
@@ -214,18 +214,6 @@ public:
     return _direction;
   }
 
-  SSLNextProtocolSet *
-  next_protocol_set() const override
-  {
-    return nullptr;
-  }
-
-  const SessionProtocolSet &
-  get_enabled_protocols() const override
-  {
-    return _protocolsenabled;
-  }
-
   void
   close(QUICConnectionErrorUPtr error) override
   {
@@ -281,7 +269,6 @@ public:
 
   QUICTransportParametersInEncryptedExtensions dummy_transport_parameters();
   NetVConnectionContext_t _direction;
-  SessionProtocolSet _protocolsenabled;
 };
 
 class MockQUICConnectionInfoProvider : public QUICConnectionInfoProvider
@@ -335,17 +322,6 @@ class MockQUICConnectionInfoProvider : public QUICConnectionInfoProvider
     return NET_VCONNECTION_OUT;
   }
 
-  SSLNextProtocolSet *
-  next_protocol_set() const override
-  {
-    return nullptr;
-  }
-  const SessionProtocolSet &
-  get_enabled_protocols() const override
-  {
-    return _protocolsenabled;
-  }
-
   int
   select_next_protocol(SSL *ssl, const unsigned char **out, unsigned char *outlen, const
unsigned char *in,
                        unsigned inlen) const override
@@ -364,8 +340,6 @@ class MockQUICConnectionInfoProvider : public QUICConnectionInfoProvider
   {
     return negotiated_application_name_sv;
   }
-
-  SessionProtocolSet _protocolsenabled;
 };
 
 class MockQUICCongestionController : public QUICCongestionController
diff --git a/iocore/net/quic/QUICConnection.h b/iocore/net/quic/QUICConnection.h
index c57b19f..d2c3d56 100644
--- a/iocore/net/quic/QUICConnection.h
+++ b/iocore/net/quic/QUICConnection.h
@@ -30,8 +30,6 @@
 class QUICApplication;
 class QUICStreamManager;
 class UDPPacket;
-class SSLNextProtocolSet;
-class SessionProtocolSet;
 
 class QUICConnectionInfoProvider
 {
@@ -43,14 +41,12 @@ public:
   virtual std::string_view cids() const                   = 0;
   virtual const QUICFiveTuple five_tuple() const          = 0;
 
-  virtual uint32_t pmtu() const                                   = 0;
-  virtual NetVConnectionContext_t direction() const               = 0;
-  virtual SSLNextProtocolSet *next_protocol_set() const           = 0;
-  virtual const SessionProtocolSet &get_enabled_protocols() const = 0;
+  virtual uint32_t pmtu() const                                = 0;
+  virtual NetVConnectionContext_t direction() const            = 0;
   virtual int select_next_protocol(SSL *ssl, const unsigned char **out, unsigned char *outlen,
const unsigned char *in,
-                                   unsigned inlen) const          = 0;
-  virtual bool is_closed() const                                  = 0;
-  virtual std::string_view negotiated_application_name() const    = 0;
+                                   unsigned inlen) const       = 0;
+  virtual bool is_closed() const                               = 0;
+  virtual std::string_view negotiated_application_name() const = 0;
 };
 
 class QUICConnection : public QUICFrameHandler, public QUICConnectionInfoProvider
diff --git a/src/traffic_server/InkAPI.cc b/src/traffic_server/InkAPI.cc
index d4c56b3..6b93fbb 100644
--- a/src/traffic_server/InkAPI.cc
+++ b/src/traffic_server/InkAPI.cc
@@ -7169,7 +7169,6 @@ TSNetAcceptNamedProtocol(TSCont contp, const char *protocol)
   sdk_assert(sdk_sanity_check_continuation(contp) == TS_SUCCESS);
 
   if (!ssl_register_protocol(protocol, (INKContInternal *)contp)) {
-    //    ssl_unregister_protocol(protocol, (INKContInternal *)contp);
     return TS_ERROR;
   }
 
@@ -9420,9 +9419,9 @@ TSVConnProtocolEnable(TSVConn connp, const char *protocol_name)
   TSReturnCode retval = TS_ERROR;
   int protocol_idx    = globalSessionProtocolNameRegistry.toIndexConst(std::string_view{protocol_name});
   auto net_vc         = reinterpret_cast<UnixNetVConnection *>(connp);
-  auto ssl_vc         = dynamic_cast<SSLNetVConnection *>(net_vc);
-  if (ssl_vc) {
-    ssl_vc->enableProtocol(protocol_idx);
+  auto alpn_vc        = dynamic_cast<ALPNSupport *>(net_vc);
+  if (alpn_vc) {
+    alpn_vc->enableProtocol(protocol_idx);
     retval = TS_SUCCESS;
   }
   return retval;
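Review bot: `protocol_idx` goes straight into `alpn_vc->enableProtocol(protocol_idx)` with no check that the name lookup succeeded, so an unregistered `protocol_name` still returns `TS_SUCCESS`; what `markIn` does with an invalid index is not visible in this diff. Because the cast target is now `ALPNSupport`, this plugin-facing call also reaches QUIC connections, which makes the silent success more likely to hide a misconfiguration. I would gate the call, for example `if (alpn_vc && protocol_idx != SessionProtocolNameRegistry::INVALID) {`, assuming that is the value the registry returns for unknown names. `TSVConnProtocolDisable` in the next hunk has the same pattern. Both functions start outside their hunks, so any earlier argument checks are not visible here.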
@@ -9434,9 +9433,9 @@ TSVConnProtocolDisable(TSVConn connp, const char *protocol_name)
   TSReturnCode retval = TS_ERROR;
   int protocol_idx    = globalSessionProtocolNameRegistry.toIndexConst(std::string_view{protocol_name});
   auto net_vc         = reinterpret_cast<UnixNetVConnection *>(connp);
-  auto ssl_vc         = dynamic_cast<SSLNetVConnection *>(net_vc);
-  if (ssl_vc) {
-    ssl_vc->disableProtocol(protocol_idx);
+  auto alpn_vc        = dynamic_cast<ALPNSupport *>(net_vc);
+  if (alpn_vc) {
+    alpn_vc->disableProtocol(protocol_idx);
     retval = TS_SUCCESS;
   }
   return retval;
diff --git a/tests/gold_tests/h2/h2disable.test.py b/tests/gold_tests/h2/h2disable.test.py
index 945eedf..f9347b6 100644
--- a/tests/gold_tests/h2/h2disable.test.py
+++ b/tests/gold_tests/h2/h2disable.test.py
@@ -53,7 +53,8 @@ ts.Disk.records_config.update({
     'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir),
     'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir),
     'proxy.config.ssl.server.cipher_suite': 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA:RC4-MD5:AES128-SHA:AES256-SHA:DES-CBC3-SHA!SRP:!DSS:!PSK:!aNULL:!eNULL:!SSLv2',
-    'proxy.config.url_remap.pristine_host_hdr': 1
+    'proxy.config.url_remap.pristine_host_hdr': 1,
+    'proxy.config.accept_threads': 1
 })
 
 ts.Disk.sni_yaml.AddLines([
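Review bot: The new `'proxy.config.accept_threads': 1` entry has no comment, and the commit message does not say why an ALPN refactor needs the accept-thread count pinned in this test. If it works around a timing or ordering dependency in how the SNI action updates the advertisement, a one-line comment such as `# pin accept threads: <reason>` above the setting would keep a later cleanup from removing it. The same line is added without explanation in h2enable.test.py.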
diff --git a/tests/gold_tests/h2/h2enable.test.py b/tests/gold_tests/h2/h2enable.test.py
index 7ea7dc5..0357e93 100644
--- a/tests/gold_tests/h2/h2enable.test.py
+++ b/tests/gold_tests/h2/h2enable.test.py
@@ -53,6 +53,7 @@ ts.Disk.records_config.update({
     'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir),
     'proxy.config.ssl.server.cipher_suite': 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA:RC4-MD5:AES128-SHA:AES256-SHA:DES-CBC3-SHA!SRP:!DSS:!PSK:!aNULL:!eNULL:!SSLv2',
     'proxy.config.url_remap.pristine_host_hdr': 1,
+    'proxy.config.accept_threads': 1,
     'proxy.config.http.server_ports': '{0}:ssl:proto=http {1}'.format(ts.Variables.ssl_port,
ts.Variables.port)
 })
 

