http2: support ALPNCallback option

ZYSzys · ruyadorno · commit d2f82223d12b · 2025-01-05T13:05:26.000-05:00
PR-URL: #56187 Fixes: #55994 Refs: #45190 Reviewed-By: Tim Perry <pimterry@gmail.com> Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
diff --git a/lib/internal/http2/core.js b/lib/internal/http2/core.js
@@ -3136,9 +3136,13 @@ function initializeOptions(options){
 
 function initializeTLSOptions(options, servername){
 options = initializeOptions(options);
- options.ALPNProtocols = ['h2'];
- if (options.allowHTTP1 === true)
- options.ALPNProtocols.push('http/1.1');
+
+ if (!options.ALPNCallback){
+ options.ALPNProtocols = ['h2'];
+ if (options.allowHTTP1 === true)
+ options.ALPNProtocols.push('http/1.1');
+ }
+
 if (servername !== undefined && !options.servername)
 options.servername = servername;
 return options;
diff --git a/test/parallel/test-http2-alpn.js b/test/parallel/test-http2-alpn.js
@@ -0,0 +1,47 @@
+'use strict';
+const common = require('../common');
+const fixtures = require('../common/fixtures');
+
+// This test verifies that http2 server support ALPNCallback option.
+
+if (!common.hasCrypto) common.skip('missing crypto');
+
+const assert = require('assert');
+const h2 = require('http2');
+const tls = require('tls');
+
+{
+ // Server sets two incompatible ALPN options:
+ assert.throws(() => h2.createSecureServer({
+ ALPNCallback: () => 'a',
+ ALPNProtocols: ['b', 'c']
+ }), (error) => error.code === 'ERR_TLS_ALPN_CALLBACK_WITH_PROTOCOLS');
+}
+
+{
+ const server = h2.createSecureServer({
+ key: fixtures.readKey('rsa_private.pem'),
+ cert: fixtures.readKey('rsa_cert.crt'),
+ ALPNCallback: () => 'a',
+ });
+
+ server.on(
+ 'secureConnection',
+ common.mustCall((socket) =>{
+ assert.strictEqual(socket.alpnProtocol, 'a');
+ socket.end();
+ server.close();
+ })
+ );
+
+ server.listen(0, function(){
+ const client = tls.connect({
+ port: server.address().port,
+ rejectUnauthorized: false,
+ ALPNProtocols: ['a'],
+ }, common.mustCall(() =>{
+ assert.strictEqual(client.alpnProtocol, 'a');
+ client.end();
+ }));
+ });
+}

-Original file line number
+Diff line change
 functioninitializeTLSOptions(options,servername){
 options=initializeOptions(options);
 -options.ALPNProtocols=['h2'];
 -if(options.allowHTTP1===true)
 -options.ALPNProtocols.push('http/1.1');
++
 +if(!options.ALPNCallback){
 +options.ALPNProtocols=['h2'];
 +if(options.allowHTTP1===true)
 +options.ALPNProtocols.push('http/1.1');
 +}
++
 if(servername!==undefined&&!options.servername)
 options.servername=servername;
 returnoptions;
-Original file line number
+Diff line change
@@ @@ -0,0 +1,47 @@ @@
 +'use strict';
 +constcommon=require('../common');
 +constfixtures=require('../common/fixtures');
++
 +// This test verifies that http2 server support ALPNCallback option.
++
 +if(!common.hasCrypto)common.skip('missing crypto');
++
 +constassert=require('assert');
 +consth2=require('http2');
 +consttls=require('tls');
++
 +{
 +// Server sets two incompatible ALPN options:
 +assert.throws(()=>h2.createSecureServer({
 +ALPNCallback: ()=>'a',
 +ALPNProtocols: ['b','c']
 +}),(error)=>error.code==='ERR_TLS_ALPN_CALLBACK_WITH_PROTOCOLS');
 +}
++
 +{
 +constserver=h2.createSecureServer({
 +key: fixtures.readKey('rsa_private.pem'),
 +cert: fixtures.readKey('rsa_cert.crt'),
 +ALPNCallback: ()=>'a',
 +});
++
 +server.on(
 +'secureConnection',
 +common.mustCall((socket)=>{
 +assert.strictEqual(socket.alpnProtocol,'a');
 +socket.end();
 +server.close();
 +})
 +);
++
 +server.listen(0,function(){
 +constclient=tls.connect({
 +port: server.address().port,
 +rejectUnauthorized: false,
 +ALPNProtocols: ['a'],
 +},common.mustCall(()=>{
 +assert.strictEqual(client.alpnProtocol,'a');
 +client.end();
 +}));
 +});
 +}