[ruby-core:59682] [ruby-trunk - Feature #9390] (Open) Support for the ALPN TLS extension

[ruby-core:59682] [ruby-trunk - Feature #9390] (Open) Support for the ALPN TLS extension

[Ilya, Grigorik]

Issue #9390 has been reported by Ilya Grigorik.

----------------------------------------
Feature #9390: Support for the ALPN TLS extension
https://bugs.ruby-lang.org/issues/9390

* Author: Ilya Grigorik
* Status: Open
* Priority: Normal
* Assignee: 
* Category: ext/openssl
* Target version: 
----------------------------------------
ALPN [1] is a successor [2] to NPN, support for which was added in 2.0.0 [3].

HTTP/2 [4] is using ALPN to negotiate protocol support, and the spec is moving fast -- it'd be great to have ALPN support in one of the upcoming Ruby releases. Current status of ALPN support in various TLS libraries and languages: https://github.com/http2/http2-spec/wiki/ALPN-Status. 

As a side note, for anyone interested, I have an implementation of draft-06 http/2 spec: https://github.com/igrigorik/http-2

[1] http://tools.ietf.org/html/draft-friedl-tls-applayerprotoneg-02
[2] https://www.imperialviolet.org/2013/03/20/alpn.html
[3] https://bugs.ruby-lang.org/issues/6503
[4] http://tools.ietf.org/html/draft-ietf-httpbis-http2-00



-- 
http://bugs.ruby-lang.org/

[ruby-core:59747] [ruby-trunk - Feature #9390] [Assigned] Support for the ALPN TLS extension

[Eric, Hodel]

Issue #9390 has been updated by Eric Hodel.

Status changed from Open to Assigned
Assignee set to Martin Bosslet

----------------------------------------
Feature #9390: Support for the ALPN TLS extension
https://bugs.ruby-lang.org/issues/9390#change-44271

* Author: Ilya Grigorik
* Status: Assigned
* Priority: Normal
* Assignee: Martin Bosslet
* Category: ext/openssl
* Target version: 
----------------------------------------
ALPN [1] is a successor [2] to NPN, support for which was added in 2.0.0 [3].

HTTP/2 [4] is using ALPN to negotiate protocol support, and the spec is moving fast -- it'd be great to have ALPN support in one of the upcoming Ruby releases. Current status of ALPN support in various TLS libraries and languages: https://github.com/http2/http2-spec/wiki/ALPN-Status. 

As a side note, for anyone interested, I have an implementation of draft-06 http/2 spec: https://github.com/igrigorik/http-2

[1] http://tools.ietf.org/html/draft-friedl-tls-applayerprotoneg-02
[2] https://www.imperialviolet.org/2013/03/20/alpn.html
[3] https://bugs.ruby-lang.org/issues/6503
[4] http://tools.ietf.org/html/draft-ietf-httpbis-http2-00



-- 
http://bugs.ruby-lang.org/

[ruby-core:64193] [ruby-trunk - Feature #9390] Support for the ALPN TLS extension

[cabo]

Issue #9390 has been updated by Carsten Bormann.


Note that RFC 7301 has published:  http://tools.ietf.org/html/rfc7301

HTTP/2 is nearing completion and requires ALPN, so if Ruby wants to play in this space, ALPN needs to be done with high priority now.


----------------------------------------
Feature #9390: Support for the ALPN TLS extension
https://bugs.ruby-lang.org/issues/9390#change-48193

* Author: Ilya Grigorik
* Status: Assigned
* Priority: Normal
* Assignee: Martin Bosslet
* Category: ext/openssl
* Target version: 
----------------------------------------
ALPN [1] is a successor [2] to NPN, support for which was added in 2.0.0 [3].

HTTP/2 [4] is using ALPN to negotiate protocol support, and the spec is moving fast -- it'd be great to have ALPN support in one of the upcoming Ruby releases. Current status of ALPN support in various TLS libraries and languages: https://github.com/http2/http2-spec/wiki/ALPN-Status. 

As a side note, for anyone interested, I have an implementation of draft-06 http/2 spec: https://github.com/igrigorik/http-2

[1] http://tools.ietf.org/html/draft-friedl-tls-applayerprotoneg-02
[2] https://www.imperialviolet.org/2013/03/20/alpn.html
[3] https://bugs.ruby-lang.org/issues/6503
[4] http://tools.ietf.org/html/draft-ietf-httpbis-http2-00



-- 
https://bugs.ruby-lang.org/

[ruby-core:66573] [ruby-trunk - Feature #9390] Support for the ALPN TLS extension

[ilya]

Issue #9390 has been updated by Ilya Grigorik.


Carsten Bormann wrote:
> Note that RFC 7301 has published:  http://tools.ietf.org/html/rfc7301
> 
> HTTP/2 is nearing completion and requires ALPN, so if Ruby wants to play in this space, ALPN needs to be done with high priority now.

+1. Anything we can do to move this forward?


----------------------------------------
Feature #9390: Support for the ALPN TLS extension
https://bugs.ruby-lang.org/issues/9390#change-50188

* Author: Ilya Grigorik
* Status: Assigned
* Priority: Normal
* Assignee: Martin Bosslet
* Category: ext/openssl
* Target version: 
----------------------------------------
ALPN [1] is a successor [2] to NPN, support for which was added in 2.0.0 [3].

HTTP/2 [4] is using ALPN to negotiate protocol support, and the spec is moving fast -- it'd be great to have ALPN support in one of the upcoming Ruby releases. Current status of ALPN support in various TLS libraries and languages: https://github.com/http2/http2-spec/wiki/ALPN-Status. 

As a side note, for anyone interested, I have an implementation of draft-06 http/2 spec: https://github.com/igrigorik/http-2

[1] http://tools.ietf.org/html/draft-friedl-tls-applayerprotoneg-02
[2] https://www.imperialviolet.org/2013/03/20/alpn.html
[3] https://bugs.ruby-lang.org/issues/6503
[4] http://tools.ietf.org/html/draft-ietf-httpbis-http2-00



-- 
https://bugs.ruby-lang.org/

[ruby-core:66574] Re: [ruby-trunk - Feature #9390] Support for the ALPN TLS extension

[Eric Wong]

ilya@igvita.com wrote:
> +1. Anything we can do to move this forward?

A patch and test cases would be nice.
I'm mildly interested in this, too, but don't trust myself with OpenSSL.

[ruby-core:66575] [ruby-trunk - Feature #9390] Support for the ALPN TLS extension

[normalperson]

Issue #9390 has been updated by Eric Wong.


 ilya@igvita.com wrote:
 > +1. Anything we can do to move this forward?
 
 A patch and test cases would be nice.
 I'm mildly interested in this, too, but don't trust myself with OpenSSL.

----------------------------------------
Feature #9390: Support for the ALPN TLS extension
https://bugs.ruby-lang.org/issues/9390#change-50189

* Author: Ilya Grigorik
* Status: Assigned
* Priority: Normal
* Assignee: Martin Bosslet
* Category: ext/openssl
* Target version: 
----------------------------------------
ALPN [1] is a successor [2] to NPN, support for which was added in 2.0.0 [3].

HTTP/2 [4] is using ALPN to negotiate protocol support, and the spec is moving fast -- it'd be great to have ALPN support in one of the upcoming Ruby releases. Current status of ALPN support in various TLS libraries and languages: https://github.com/http2/http2-spec/wiki/ALPN-Status. 

As a side note, for anyone interested, I have an implementation of draft-06 http/2 spec: https://github.com/igrigorik/http-2

[1] http://tools.ietf.org/html/draft-friedl-tls-applayerprotoneg-02
[2] https://www.imperialviolet.org/2013/03/20/alpn.html
[3] https://bugs.ruby-lang.org/issues/6503
[4] http://tools.ietf.org/html/draft-ietf-httpbis-http2-00



-- 
https://bugs.ruby-lang.org/

[ruby-core:67111] Re: [ruby-trunk - Feature #9390] (Open) Support for the ALPN TLS extension

[Eric Wong]

Note: ALPN requires OpenSSL 1.0.2, which is only in beta3 as of now
(2014/12/24).  I suspect few are willing to use a beta version
of OpenSSL on their servers.  But I look forward to this feature.

[ruby-core:67112] [ruby-trunk - Feature #9390] Support for the ALPN TLS extension

[normalperson]

Issue #9390 has been updated by Eric Wong.


 Note: ALPN requires OpenSSL 1.0.2, which is only in beta3 as of now
 (2014/12/24).  I suspect few are willing to use a beta version
 of OpenSSL on their servers.  But I look forward to this feature.

----------------------------------------
Feature #9390: Support for the ALPN TLS extension
https://bugs.ruby-lang.org/issues/9390#change-50618

* Author: Ilya Grigorik
* Status: Assigned
* Priority: Normal
* Assignee: Martin Bosslet
* Category: ext/openssl
* Target version: 
----------------------------------------
ALPN [1] is a successor [2] to NPN, support for which was added in 2.0.0 [3].

HTTP/2 [4] is using ALPN to negotiate protocol support, and the spec is moving fast -- it'd be great to have ALPN support in one of the upcoming Ruby releases. Current status of ALPN support in various TLS libraries and languages: https://github.com/http2/http2-spec/wiki/ALPN-Status. 

As a side note, for anyone interested, I have an implementation of draft-06 http/2 spec: https://github.com/igrigorik/http-2

[1] http://tools.ietf.org/html/draft-friedl-tls-applayerprotoneg-02
[2] https://www.imperialviolet.org/2013/03/20/alpn.html
[3] https://bugs.ruby-lang.org/issues/6503
[4] http://tools.ietf.org/html/draft-ietf-httpbis-http2-00



-- 
https://bugs.ruby-lang.org/

[ruby-core:68052] [Ruby trunk - Feature #9390] Support for the ALPN TLS extension

[34test45test]

Issue #9390 has been updated by Tim Emiola.


FYI: ALPN support landed in the recent [1.0.2 version](https://www.openssl.org/news/openssl-1.0.2-notes.html) release of openssl.


----------------------------------------
Feature #9390: Support for the ALPN TLS extension
https://bugs.ruby-lang.org/issues/9390#change-51440

* Author: Ilya Grigorik
* Status: Assigned
* Priority: Normal
* Assignee: Martin Bosslet
----------------------------------------
ALPN [1] is a successor [2] to NPN, support for which was added in 2.0.0 [3].

HTTP/2 [4] is using ALPN to negotiate protocol support, and the spec is moving fast -- it'd be great to have ALPN support in one of the upcoming Ruby releases. Current status of ALPN support in various TLS libraries and languages: https://github.com/http2/http2-spec/wiki/ALPN-Status. 

As a side note, for anyone interested, I have an implementation of draft-06 http/2 spec: https://github.com/igrigorik/http-2

[1] http://tools.ietf.org/html/draft-friedl-tls-applayerprotoneg-02
[2] https://www.imperialviolet.org/2013/03/20/alpn.html
[3] https://bugs.ruby-lang.org/issues/6503
[4] http://tools.ietf.org/html/draft-ietf-httpbis-http2-00



-- 
https://bugs.ruby-lang.org/

[ruby-core:69974] [Ruby trunk - Feature #9390] Support for the ALPN TLS extension

[tenderlove]

Issue #9390 has been updated by Aaron Patterson.

File 0001-add-ALPN-extension-support.patch added

Hi, I've attached a patch that adds ALPN support.  I'll apply in a week if no one has objections!

Thanks!!

----------------------------------------
Feature #9390: Support for the ALPN TLS extension
https://bugs.ruby-lang.org/issues/9390#change-53407

* Author: Ilya Grigorik
* Status: Assigned
* Priority: Normal
* Assignee: Martin Bosslet
----------------------------------------
ALPN [1] is a successor [2] to NPN, support for which was added in 2.0.0 [3].

HTTP/2 [4] is using ALPN to negotiate protocol support, and the spec is moving fast -- it'd be great to have ALPN support in one of the upcoming Ruby releases. Current status of ALPN support in various TLS libraries and languages: https://github.com/http2/http2-spec/wiki/ALPN-Status. 

As a side note, for anyone interested, I have an implementation of draft-06 http/2 spec: https://github.com/igrigorik/http-2

[1] http://tools.ietf.org/html/draft-friedl-tls-applayerprotoneg-02
[2] https://www.imperialviolet.org/2013/03/20/alpn.html
[3] https://bugs.ruby-lang.org/issues/6503
[4] http://tools.ietf.org/html/draft-ietf-httpbis-http2-00

---Files--------------------------------
0001-add-ALPN-extension-support.patch (7.75 KB)


-- 
https://bugs.ruby-lang.org/

[ruby-core:69975] Re: [Ruby trunk - Feature #9390] Support for the ALPN TLS extension

[Eric Wong]

tenderlove@ruby-lang.org wrote:
> +ssl_alpn_select_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
> +{
> +    int i = 0;
> +    VALUE sslctx_obj, cb, protocols, selected;
> +
> +    sslctx_obj = (VALUE) arg;
> +    cb = rb_iv_get(sslctx_obj, "@alpn_select_cb");
> +    protocols = rb_ary_new();
> +
> +    /* The format is len_1|proto_1|...|len_n|proto_n\0 */
> +    while (in[i]) {
> +	VALUE protocol = rb_str_new((const char *) &in[i + 1], in[i]);
> +	rb_ary_push(protocols, protocol);
> +	i += in[i] + 1;
> +    }
> +
> +    selected = rb_funcall(cb, rb_intern("call"), 1, protocols);
> +    StringValue(selected);
> +    *out = (unsigned char *) StringValuePtr(selected);
> +    *outlen = RSTRING_LENINT(selected);

I think we need to keep `selected' markable by GC as long as anything
may use `out'.  Otherwise `out' can refer to a freed region.

Perhaps add the following here:

   rb_iv_set(sslctx_obj, "@_alpn_selected", selected);

Side note: StringValue is redundant if using StringValuePtr

Haven't looked at the rest closely, but that jumped out at me.

[ruby-core:69978] [Ruby trunk - Feature #9390] Support for the ALPN TLS extension

[tenderlove]

Issue #9390 has been updated by Aaron Patterson.

File 0001-add-ALPN-extension-support.patch added

> I think we need to keep ‘selected’ markable by GC as long as anything
> may use ‘out’ . Otherwise ‘out’ can refer to a freed region.
> 
> Perhaps add the following here:
>
> rb_iv_set(sslctx_obj, "@_alpn_selected", selected);
> Side note: StringValue is redundant if using StringValuePtr

Thanks for spotting these!  I've attached a new patch with these changes.

----------------------------------------
Feature #9390: Support for the ALPN TLS extension
https://bugs.ruby-lang.org/issues/9390#change-53415

* Author: Ilya Grigorik
* Status: Assigned
* Priority: Normal
* Assignee: Martin Bosslet
----------------------------------------
ALPN [1] is a successor [2] to NPN, support for which was added in 2.0.0 [3].

HTTP/2 [4] is using ALPN to negotiate protocol support, and the spec is moving fast -- it'd be great to have ALPN support in one of the upcoming Ruby releases. Current status of ALPN support in various TLS libraries and languages: https://github.com/http2/http2-spec/wiki/ALPN-Status. 

As a side note, for anyone interested, I have an implementation of draft-06 http/2 spec: https://github.com/igrigorik/http-2

[1] http://tools.ietf.org/html/draft-friedl-tls-applayerprotoneg-02
[2] https://www.imperialviolet.org/2013/03/20/alpn.html
[3] https://bugs.ruby-lang.org/issues/6503
[4] http://tools.ietf.org/html/draft-ietf-httpbis-http2-00

---Files--------------------------------
0001-add-ALPN-extension-support.patch (7.75 KB)
0001-add-ALPN-extension-support.patch (7.78 KB)


-- 
https://bugs.ruby-lang.org/