[Git][NTPsec/ntpsec][master] Use ALPN for the NTS server.
Hal Murray
gitlab at mg.gitlab.com
Tue Jun 25 19:24:43 UTC 2019
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
8eecdfb8 by Christer Weinigel at 2019-06-25T17:00:33Z
Use ALPN for the NTS server.
The NTS draft requires the use of ALPN for protocol negotiation.
Add support for ALPN to nts_server.c
- - - - -
1 changed file:
- ntpd/nts_server.c
Changes:
=====================================
ntpd/nts_server.c
=====================================
@@ -47,6 +47,31 @@ uint64_t nts_ke_serves_bad = 0;
uint64_t nts_ke_probes_good = 0;
uint64_t nts_ke_probes_bad = 0;
+#if (OPENSSL_VERSION_NUMBER > 0x1000200fL)
+static int alpn_select_cb(SSL *ssl,
+ const unsigned char **out,
+ unsigned char *outlen,
+ const unsigned char *in,
+ unsigned int inlen,
+ void *arg)
+{
+ static const unsigned char alpn[] = { 7, 'n', 't', 's', 'k', 'e', '/', '1' };
+ unsigned i;
+
+ (void)ssl;
+ (void)arg;
+
+ for (i = 0; i < inlen; i += in[i]) {
+ if (in[i] == alpn[0] && !memcmp(&in[i+1], &alpn[1], alpn[0])) {
+ *outlen = in[i];
+ *out = &in[i+1];
+ return SSL_TLSEXT_ERR_OK;
+ }
+ }
+
+ return SSL_TLSEXT_ERR_NOACK;
+}
+#endif
bool nts_server_init(void) {
bool ok = true;
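Review bot: The loop in alpn_select_cb advances with `i += in[i]`, but each entry in the client's ALPN list is a length byte followed by that many name bytes, so the step has to be `i += in[i] + 1`. As written, the second iteration treats the last byte of the previous name as a length, and a zero byte there leaves `i` unchanged, so the loop spins on client-supplied data. The `memcmp` also reads `alpn[0]` bytes from `&in[i+1]` without checking that they lie inside `inlen`, so the condition should include a bound such as `inlen - i > alpn[0]`. OpenSSL's `SSL_select_next_proto()` performs this walk with the length checks and could replace the hand-written loop. Separately, returning `SSL_TLSEXT_ERR_NOACK` on no match lets the handshake continue without ALPN; if the draft's requirement is meant to be enforced, `SSL_TLSEXT_ERR_ALERT_FATAL` is the return value that rejects such clients.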
@@ -67,6 +92,10 @@ bool nts_server_init(void) {
return false;
}
+#if (OPENSSL_VERSION_NUMBER > 0x1000200fL)
+ SSL_CTX_set_alpn_select_cb(server_ctx, alpn_select_cb, NULL);
+#endif
+
SSL_CTX_set_session_cache_mode(server_ctx, SSL_SESS_CACHE_OFF);
ok &= nts_load_versions(server_ctx);
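Review bot: The guard `#if (OPENSSL_VERSION_NUMBER > 0x1000200fL)`, here and around alpn_select_cb, uses a strict `>`, which excludes the 1.0.2 release itself even though that is where the ALPN callback API first appears; `>=` looks like what was intended. On builds where the guard is false no callback is registered, so the server accepts NTS-KE connections without ALPN and nothing records that. A short comment at the `#if`, for example `/* ALPN needs OpenSSL 1.0.2+; older builds run without it */`, or a startup log line would make the downgrade visible to operators. nts_server_init continues outside the hunk.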
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/8eecdfb8f2e9f9cd1daa7d5ceca702e674121833