MEDIUM: httpclient: enable ALPN support on outgoing https connections

Since everything is available for this, let's enable ALPN with the usual "h2,http/1.1" on the https server. This will allow HTTPS requests to use HTTP/2 when available. It may be needed to permit to disable this (or to set the string) in case some client code explicitly checks for the "HTTP/1.1" string, but since httpclient is quite young it's unlikely that such code already exists.
2024-12-18 09:24:31 +00:00 · 2022-09-02 09:02:21 +02:00 · 2022-09-02 09:02:21 +02:00 · df3231c74a
commit df3231c74a
parent f80713ba8e
1 changed files with 7 additions and 1 deletions
--- a/src/http_client.c
+++ b/src/http_client.c
@ -32,7 +32,7 @@
 #include <haproxy/resolvers.h>
 #include <haproxy/sc_strm.h>
 #include <haproxy/server.h>
-#include <haproxy/ssl_sock-t.h>
+#include <haproxy/ssl_sock.h>
 #include <haproxy/sock_inet.h>
 #include <haproxy/stconn.h>
 #include <haproxy/tools.h>
@ -1186,6 +1186,12 @@ static int httpclient_precheck()
 		goto err;
 	}

+#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+	if (ssl_sock_parse_alpn("h2,http/1.1", &httpclient_srv_ssl->ssl_ctx.alpn_str, &httpclient_srv_ssl->ssl_ctx.alpn_len, &errmsg) != 0) {
+		err_code |= ERR_ALERT | ERR_FATAL;
+		goto err;
+	}
+#endif
 	httpclient_srv_ssl->ssl_ctx.verify = httpclient_ssl_verify;
 	/* if the verify is required, try to load the system CA */
 	if (httpclient_ssl_verify == SSL_SOCK_VERIFY_REQUIRED) {