nghttpx: Add --alpn-list and deprecate --npn-list

gennghttpxfun.py

@@ -200,6 +200,7 @@
     "frontend-quic-initial-rtt",
     "require-http-scheme",
     "tls-ktls",
+    "alpn-list",
 ]
 
 LOGVARS = [

src/shrpx.cc

@@ -1911,7 +1911,7 @@ bool conf_exists(const char *path) {
 } // namespace
 
 namespace {
-constexpr auto DEFAULT_NPN_LIST =
+constexpr auto DEFAULT_ALPN_LIST =
     StringRef::from_lit("h2,h2-16,h2-14,http/1.1");
 } // namespace
 
@@ -2798,14 +2798,14 @@ SSL/TLS:
               Path to file that contains  DH parameters in PEM format.
               Without  this   option,  DHE   cipher  suites   are  not
               available.
-  --npn-list=<LIST>
+  --alpn-list=<LIST>
               Comma delimited list of  ALPN protocol identifier sorted
               in the  order of preference.  That  means most desirable
               protocol comes  first.  The parameter must  be delimited
               by a single comma only  and any white spaces are treated
               as a part of protocol string.
               Default: )"
-      << DEFAULT_NPN_LIST
+      << DEFAULT_ALPN_LIST
       << R"(
   --verify-client
               Require and verify client certificate.
@@ -3749,8 +3749,8 @@ int process_options(Config *config,
 
   auto &tlsconf = config->tls;
 
-  if (tlsconf.npn_list.empty()) {
-    tlsconf.npn_list = util::split_str(DEFAULT_NPN_LIST, ',');
+  if (tlsconf.alpn_list.empty()) {
+    tlsconf.alpn_list = util::split_str(DEFAULT_ALPN_LIST, ',');
   }
 
   if (!tlsconf.tls_proto_list.empty()) {
@@ -3765,7 +3765,7 @@ int process_options(Config *config,
     return -1;
   }
 
-  if (tls::set_alpn_prefs(tlsconf.alpn_prefs, tlsconf.npn_list) != 0) {
+  if (tls::set_alpn_prefs(tlsconf.alpn_prefs, tlsconf.alpn_list) != 0) {
     return -1;
   }
 
@@ -4376,6 +4376,7 @@ int main(int argc, char **argv) {
          190},
         {SHRPX_OPT_REQUIRE_HTTP_SCHEME.c_str(), no_argument, &flag, 191},
         {SHRPX_OPT_TLS_KTLS.c_str(), no_argument, &flag, 192},
+        {SHRPX_OPT_ALPN_LIST.c_str(), required_argument, &flag, 193},
         {nullptr, 0, nullptr, 0}};
 
     int option_index = 0;
@@ -5289,6 +5290,10 @@ int main(int argc, char **argv) {
         // --tls-ktls
         cmdcfgs.emplace_back(SHRPX_OPT_TLS_KTLS, StringRef::from_lit("yes"));
         break;
+      case 193:
+        // --alpn-list
+        cmdcfgs.emplace_back(SHRPX_OPT_ALPN_LIST, StringRef{optarg});
+        break;
       default:
         break;
       }

src/shrpx_client_handler.cc

@@ -634,7 +634,7 @@ int ClientHandler::validate_next_proto() {
     proto = StringRef::from_lit("http/1.1");
   }
 
-  if (!tls::in_proto_list(get_config()->tls.npn_list, proto)) {
+  if (!tls::in_proto_list(get_config()->tls.alpn_list, proto)) {
     if (LOG_ENABLED(INFO)) {
       CLOG(INFO, this) << "The negotiated protocol is not supported: " << proto;
     }

src/shrpx_config.cc

@@ -1912,6 +1912,11 @@ int option_lookup_token(const char *name, size_t namelen) {
         return SHRPX_OPTID_LOG_LEVEL;
       }
       break;
+    case 't':
+      if (util::strieq_l("alpn-lis", name, 8)) {
+        return SHRPX_OPTID_ALPN_LIST;
+      }
+      break;
     }
     break;
   case 10:
@@ -3341,15 +3346,6 @@ int parse_config(Config *config, int optid, const StringRef &opt,
   case SHRPX_OPTID_WORKER_WRITE_BURST:
     LOG(WARN) << opt << ": not implemented yet";
     return 0;
-  case SHRPX_OPTID_NPN_LIST: {
-    auto list = util::split_str(optarg, ',');
-    config->tls.npn_list.resize(list.size());
-    for (size_t i = 0; i < list.size(); ++i) {
-      config->tls.npn_list[i] = make_string_ref(config->balloc, list[i]);
-    }
-
-    return 0;
-  }
   case SHRPX_OPTID_TLS_PROTO_LIST: {
     LOG(WARN) << opt
               << ": deprecated.  Use tls-min-proto-version and "
@@ -4174,6 +4170,18 @@ int parse_config(Config *config, int optid, const StringRef &opt,
   case SHRPX_OPTID_TLS_KTLS:
     config->tls.ktls = util::strieq_l("yes", optarg);
     return 0;
+  case SHRPX_OPTID_NPN_LIST:
+    LOG(WARN) << opt << ": deprecated.  Use alpn-list instead.";
+    // fall through
+  case SHRPX_OPTID_ALPN_LIST: {
+    auto list = util::split_str(optarg, ',');
+    config->tls.alpn_list.resize(list.size());
+    for (size_t i = 0; i < list.size(); ++i) {
+      config->tls.alpn_list[i] = make_string_ref(config->balloc, list[i]);
+    }
+
+    return 0;
+  }
   case SHRPX_OPTID_CONF:
     LOG(WARN) << "conf: ignored";
 

src/shrpx_config.h

@@ -405,6 +405,7 @@ constexpr auto SHRPX_OPT_FRONTEND_QUIC_INITIAL_RTT =
 constexpr auto SHRPX_OPT_REQUIRE_HTTP_SCHEME =
     StringRef::from_lit("require-http-scheme");
 constexpr auto SHRPX_OPT_TLS_KTLS = StringRef::from_lit("tls-ktls");
+constexpr auto SHRPX_OPT_ALPN_LIST = StringRef::from_lit("alpn-list");
 
 constexpr size_t SHRPX_OBFUSCATED_NODE_LENGTH = 8;
 
@@ -755,7 +756,7 @@ struct TLSConfig {
   std::vector<unsigned char> alpn_prefs;
   // list of supported ALPN protocol strings in the order of
   // preference.
-  std::vector<StringRef> npn_list;
+  std::vector<StringRef> alpn_list;
   // list of supported SSL/TLS protocol strings.
   std::vector<StringRef> tls_proto_list;
   std::vector<uint8_t> sct_data;
@@ -1183,6 +1184,7 @@ enum {
   SHRPX_OPTID_ADD_REQUEST_HEADER,
   SHRPX_OPTID_ADD_RESPONSE_HEADER,
   SHRPX_OPTID_ADD_X_FORWARDED_FOR,
+  SHRPX_OPTID_ALPN_LIST,
   SHRPX_OPTID_ALTSVC,
   SHRPX_OPTID_API_MAX_REQUEST_BODY,
   SHRPX_OPTID_BACKEND,

src/shrpx_tls.cc

@@ -638,10 +638,10 @@ namespace {
 int alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
                          unsigned char *outlen, const unsigned char *in,
                          unsigned int inlen, void *arg) {
-  // We assume that get_config()->npn_list contains ALPN protocol
+  // We assume that get_config()->alpn_list contains ALPN protocol
   // identifier sorted by preference order.  So we just break when we
   // found the first overlap.
-  for (const auto &target_proto_id : get_config()->tls.npn_list) {
+  for (const auto &target_proto_id : get_config()->tls.alpn_list) {
     for (auto p = in, end = in + inlen; p < end;) {
       auto proto_id = p + 1;
       auto proto_len = *p;