MonetDB: default - Re-enable ALPN on TLS connections

Fri, 10 Jan 2025 04:44:41 -0800 

Changeset: e1fe50e651da for MonetDB
URL: https://dev.monetdb.org/hg/MonetDB/rev/e1fe50e651da
Modified Files:
        clients/mapilib/Tests/tlssecurity.py
        clients/mapilib/connect_openssl.c
Branch: default
Log Message:

Re-enable ALPN on TLS connections

Identify TLS connection as "mapi/9" similar to what pymonetdb and
monetdb-java do.

This had been disabled temporarily when test clients/mapilib/systemcertificates
was still a crude hack but that has not been the case since November 2023.


diffs (36 lines):

diff --git a/clients/mapilib/Tests/tlssecurity.py 
b/clients/mapilib/Tests/tlssecurity.py
--- a/clients/mapilib/Tests/tlssecurity.py
+++ b/clients/mapilib/Tests/tlssecurity.py
@@ -166,10 +166,7 @@ attempt('connect_server_name', 'sni', No
 # indicates that the implementation successfully negotiated ALPN protocol
 # "mapi/9".
 
-####### Temporarily disable the ALPN header.
-####### TODO re-enable it when test systemcertificates.py no longer relies
-####### on connecting to an HTTPS server. (Which is an ugly hack in the first 
place!)
-# attempt('connect_alpn_mapi9', 'alpn_mapi9', None, cert=certpath('ca1.crt'))
+attempt('connect_alpn_mapi9', 'alpn_mapi9', None, cert=certpath('ca1.crt'))
 
 # connect_right_hash
 #
diff --git a/clients/mapilib/connect_openssl.c 
b/clients/mapilib/connect_openssl.c
--- a/clients/mapilib/connect_openssl.c
+++ b/clients/mapilib/connect_openssl.c
@@ -269,17 +269,12 @@ wrap_tls(Mapi mid, SOCKET sock)
                return croak_openssl(mid, __func__, 
"X509_VERIFY_PARAM_set1_host");
        }
 
-       // Temporarily disable the ALPN header.
-       // TODO re-enable it when test systemcertificates.py no longer relies
-       // on connecting to an HTTPS server. (Which is an ugly hack in the 
first place!)
-#if 0
        unsigned char alpn_vector[] = { 6, 'm', 'a', 'p', 'i', '/', '9' };
        // NOTE: these functions return 0 on success, not 1!
        if (0 != SSL_set_alpn_protos(ssl, alpn_vector, sizeof(alpn_vector))) {
                BIO_free_all(bio);
                return croak_openssl(mid, __func__, "SSL_set_alpn_protos");
        }
-#endif
 
        assert(clientkey);
        assert(clientcert);
_______________________________________________
checkin-list mailing list -- checkin-list@monetdb.org
To unsubscribe send an email to checkin-list-le...@monetdb.org

Reply via email to