MEDIUM: httpclient: enable ALPN support on outgoing https connections
authorWilly Tarreau <w@1wt.eu>
Fri, 2 Sep 2022 07:02:21 +0000 (09:02 +0200)
committerWilly Tarreau <w@1wt.eu>
Fri, 2 Sep 2022 11:54:30 +0000 (13:54 +0200)
Since everything is available for this, let's enable ALPN with the
usual "h2,http/1.1" on the https server. This will allow HTTPS requests
to use HTTP/2 when available.

It may become necessary to allow disabling this (or setting the string) in
case some client code explicitly checks for the "HTTP/1.1" string, but
since httpclient is quite young it's unlikely that such code already
exists.

src/http_client.c

index 72acd7f438df031f425d3db1fee23c4e0dc8420f..c3a8d490c70c6c32d2c27ff191f0f1fbf7a7c32c 100644 (file)
@@ -32,7 +32,7 @@
 #include <haproxy/resolvers.h>
 #include <haproxy/sc_strm.h>
 #include <haproxy/server.h>
-#include <haproxy/ssl_sock-t.h>
+#include <haproxy/ssl_sock.h>
 #include <haproxy/sock_inet.h>
 #include <haproxy/stconn.h>
 #include <haproxy/tools.h>
@@ -1186,6 +1186,12 @@ static int httpclient_precheck()
                goto err;
        }
 
+#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+       if (ssl_sock_parse_alpn("h2,http/1.1", &httpclient_srv_ssl->ssl_ctx.alpn_str, &httpclient_srv_ssl->ssl_ctx.alpn_len, &errmsg) != 0) {
+               err_code |= ERR_ALERT | ERR_FATAL;
+               goto err;
+       }
+#endif
        httpclient_srv_ssl->ssl_ctx.verify = httpclient_ssl_verify;
        /* if the verify is required, try to load the system CA */
        if (httpclient_ssl_verify == SSL_SOCK_VERIFY_REQUIRED) {
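Review bot: The new `#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation` block in httpclient_precheck() has no comment, unlike the CA-loading block right after it, and when the macro is undefined the build silently offers no ALPN. I would add `/* offer h2 then http/1.1 via ALPN; when the TLS library lacks the extension no ALPN is sent */` above the `#ifdef`. On failure the code jumps to `err` with `errmsg` filled in by ssl_sock_parse_alpn(), but the `err` label is outside the hunk, so it is worth confirming that it reports and frees that message, as the earlier `goto err` path presumably relies on. The function starts before this hunk and continues past it.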