34 changes: 32 additions & 2 deletions lib/vtls/unitytls.c
@@ -32,6 +32,9 @@ struct ssl_backend_data {
unitytls_x509list* clicert;
unitytls_key* pk;
unitytls_tlsctx* ctx;
#ifdef HAS_ALPN
const char *protocols[ALPN_ENTRIES_MAX + 1];
#endif
};

/*
@@ -455,6 +458,26 @@ static CURLcode unitytls_connect_step1(struct Curl_cfilter *cf, struct Curl_easy
return CURLE_SSL_CONNECT_ERROR;
}

#ifdef HAS_ALPN
if (connssl->alpn) {
struct alpn_proto_buf proto;
// mbedtls_ssl_conf_alpn_protocols does not clone the protocols array, which is why we need to keep it inside backend struct
size_t i;
DEBUGASSERT(connssl->alpn->count <= ALPN_ENTRIES_MAX);
for (i = 0; i < connssl->alpn->count; ++i) {
backend->protocols[i] = connssl->alpn->entries[i];
}
backend->protocols[connssl->alpn->count] = NULL; // the protocols array must be null-terminated
unitytls->unitytls_tlsctx_set_alpn_protocols(backend->ctx, &backend->protocols[0], &err);
if(err.code != UNITYTLS_SUCCESS) {
failf(data, "Failed setting APLN protocols: %i", err.code);
return CURLE_SSL_CONNECT_ERROR;
}
Curl_alpn_to_proto_str(&proto, connssl->alpn);
infof(data, VTLS_INFOF_ALPN_OFFER_1STR, proto.data);
}
#endif

/* give application a chance to interfere with SSL set up. */
if(data->set.ssl.fsslctx) {
CURLcode result = (*data->set.ssl.fsslctx)(data, backend->ctx, data->set.ssl.fsslctxp);
@@ -469,7 +492,7 @@ static CURLcode unitytls_connect_step1(struct Curl_cfilter *cf, struct Curl_easy
return CURLE_OK;
}

static CURLcode unitytls_connect_step2(struct Curl_easy* data, struct ssl_connect_data* connssl)
static CURLcode unitytls_connect_step2(struct Curl_cfilter* cf, struct Curl_easy* data, struct ssl_connect_data* connssl)
{
struct ssl_backend_data* backend = connssl->backend;

@@ -510,6 +533,13 @@ static CURLcode unitytls_connect_step2(struct Curl_easy* data, struct ssl_connec
}
}

#ifdef HAS_ALPN
if (connssl->alpn) {
const char *proto = unitytls->unitytls_tlsctx_get_alpn_protocol(backend->ctx);
Curl_alpn_set_negotiated(cf, data, (const unsigned char *)proto, proto ? strlen(proto) : 0);
}
#endif

/* We almost certainly have a verifyresult!=UNITYTLS_X509VERIFY_SUCCESS as well, but in theory it is still possible to hit this code. */
if (err.code == UNITYTLS_SUCCESS) {
connssl->connecting_state = ssl_connect_3;
@@ -567,7 +597,7 @@ static CURLcode unitytls_connect_common(struct Curl_cfilter *cf, struct Curl_eas
return CURLE_OPERATION_TIMEDOUT;
}

retcode = unitytls_connect_step2(data, connssl);
retcode = unitytls_connect_step2(cf, data, connssl);
if(retcode != CURLE_OK || (nonblocking && ssl_connect_2 == connssl->connecting_state))
return retcode;
} /* repeat step2 until all transactions are done. */
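Review bot: The result of `Curl_alpn_set_negotiated()` on the new step2 ALPN line is discarded, so a negotiated protocol that curl does not recognise, or that was never offered, would not fail the connect the way the other vtls backends treat it; in curl this helper returns a CURLcode, so the call should become `result = Curl_alpn_set_negotiated(cf, data, (const unsigned char *)proto, proto ? strlen(proto) : 0); if(result) return result;` with a CURLcode local declared alongside. unitytls_connect_step2 starts and ends outside this hunk, so whether a suitable CURLcode local already exists there is not visible here. The step1 hunk has a typo in the user-visible failure message, `"Failed setting APLN protocols: %i"` should read `ALPN`, and its bound on the copy loop is only a `DEBUGASSERT` — if the alpn spec's count is not already limited by its entries array in this tree, a release build could write past `backend->protocols`, so a runtime check returning CURLE_SSL_CONNECT_ERROR would be the safer form. The new code also mixes `//` comments and `if (` with the file's `/* */` and `if(` style.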
15 changes: 15 additions & 0 deletions lib/vtls/unitytls_interface.h
@@ -1,6 +1,11 @@
#ifndef HEADER_CURL_UNITYTLS_INTERFACE_H
#define HEADER_CURL_UNITYTLS_INTERFACE_H

/* ALPN for http2 */
#ifdef USE_HTTP2
#define HAS_ALPN
#endif

#include <stdint.h>

typedef int8_t SInt8;
@@ -264,6 +269,11 @@ typedef void (*unitytls_tlsctx_set_certificate_callback_t

typedef void (*unitytls_random_generate_bytes_t)(UInt8* buffer, size_t bufferLen, unitytls_errorstate* errorState);

#ifdef HAS_ALPN
typedef void (*unitytls_tlsctx_set_alpn_protocols_t)(unitytls_tlsctx* ctx, const char **protocols, unitytls_errorstate * errorState);
typedef const char* (*unitytls_tlsctx_get_alpn_protocol_t)(unitytls_tlsctx* ctx);
#endif

/* Interface struct used to integrate UnityTLS into external libraries. */
/* See InterfaceStruct.cpp in UnityTLS. */
typedef struct unitytls_interface_struct
@@ -311,6 +321,11 @@ typedef struct unitytls_interface_struct

unitytls_x509verify_result_to_string_t unitytls_x509verify_result_to_string;
unitytls_tlsctx_set_trace_level_t unitytls_tlsctx_set_trace_level;

#ifdef HAS_ALPN
unitytls_tlsctx_set_alpn_protocols_t unitytls_tlsctx_set_alpn_protocols;
unitytls_tlsctx_get_alpn_protocol_t unitytls_tlsctx_get_alpn_protocol;
#endif
} unitytls_interface_struct;


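Review bot: The two function pointers appended to `unitytls_interface_struct` under `#ifdef HAS_ALPN` change the struct's layout depending on a curl-side build flag, while the comment above the struct says the layout is shared with UnityTLS's InterfaceStruct.cpp; if the provider was built without these members, curl would read past the end of the struct it was handed and call through whatever it finds there. The start of the struct is outside this hunk, so a version or size field that guards this may exist but is not visible; either way the new members deserve a comment such as `/* Appended last so older providers keep their layout; verify the provider exposes these before calling through them. */`. The new `HAS_ALPN` macro is only defined under `USE_HTTP2`, which ties ALPN support to HTTP/2 being compiled in rather than to the provider's capability, and the generic name risks colliding with other headers — a prefixed name like `UNITYTLS_HAS_ALPN` would be clearer.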