From 675ffc6456de37d991b5c0a0ed265db4cc0a0395 Mon Sep 17 00:00:00 2001 From: Zhidao HONG Date: Tue, 15 Jul 2025 14:54:21 +0000 Subject: [PATCH] Upstream: add support for connection level ALPN protocol negotiation. This commit is prepared for HTTP/2 and HTTP/3 support. The ALPN protocol is now set per-connection in ngx_http_upstream_ssl_init_connection(), allowing proper protocol negotiation for each individual upstream connection regardless of SSL context sharing. --- src/http/ngx_http_upstream.c | 17 +++++++++++++++++ src/http/ngx_http_upstream.h | 1 + 2 files changed, 18 insertions(+) diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c index de0f92a4f..59da9b5f4 100644 --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c @@ -1767,6 +1767,23 @@ ngx_http_upstream_ssl_init_connection(ngx_http_request_t *r, } } +#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation + + if (u->ssl_alpn_protocol.len) { + if (SSL_set_alpn_protos(c->ssl->connection, u->ssl_alpn_protocol.data, + u->ssl_alpn_protocol.len) + != 0) + { + ngx_ssl_error(NGX_LOG_ERR, c->log, 0, + "SSL_set_alpn_protos() failed"); + ngx_http_upstream_finalize_request(r, u, + NGX_HTTP_INTERNAL_SERVER_ERROR); + return; + } + } + +#endif + if (u->conf->ssl_session_reuse) { c->ssl->save_session = ngx_http_upstream_ssl_save_session; diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h index f3e9f7979..63e0987fe 100644 --- a/src/http/ngx_http_upstream.h +++ b/src/http/ngx_http_upstream.h @@ -390,6 +390,7 @@ struct ngx_http_upstream_s { #if (NGX_HTTP_SSL || NGX_COMPAT) ngx_str_t ssl_name; + ngx_str_t ssl_alpn_protocol; #endif ngx_http_cleanup_pt *cleanup;