1
/***************************************************************************
2
 *                                  _   _ ____  _
3
 *  Project                     ___| | | |  _ \| |
4
 *                             / __| | | | |_) | |
5
 *                            | (__| |_| |  _ <| |___
6
 *                             \___|\___/|_| \_\_____|
7
 *
8
 * Copyright (C) Daniel Stenberg, <[email protected]>, et al.
9
 *
10
 * This software is licensed as described in the file COPYING, which
11
 * you should have received as part of this distribution. The terms
12
 * are also available at https://curl.se/docs/copyright.html.
13
 *
14
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15
 * copies of the Software, and permit persons to whom the Software is
16
 * furnished to do so, under the terms of the COPYING file.
17
 *
18
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19
 * KIND, either express or implied.
20
 *
21
 * SPDX-License-Identifier: curl
22
 *
23
 ***************************************************************************/
24

25
#include "curl_setup.h"
26

27
#if !defined(CURL_DISABLE_HTTP)
28

29
#include "urldata.h"
30
#include <curl/curl.h>
31
#include "curl_trc.h"
32
#include "cfilters.h"
33
#include "connect.h"
34
#include "hostip.h"
35
#include "multiif.h"
36
#include "cf-https-connect.h"
37
#include "http2.h"
38
#include "vquic/vquic.h"
39

40
/* The last 3 #include files should be in this order */
41
#include "curl_printf.h"
42
#include "curl_memory.h"
43
#include "memdebug.h"
44

45
typedef enum {
46
  CF_HC_INIT,
47
  CF_HC_CONNECT,
48
  CF_HC_SUCCESS,
49
  CF_HC_FAILURE
50
} cf_hc_state;
51

52
struct cf_hc_baller {
53
  const char *name;
54
  struct Curl_cfilter *cf;
55
  CURLcode result;
56
  struct curltime started;
57
  int reply_ms;
58
  enum alpnid alpn_id;
59
  BIT(shutdown);
60
};
61

62
static void cf_hc_baller_reset(struct cf_hc_baller *b,
63
                               struct Curl_easy *data)
64
{
65
  if(b->cf) {
66
    Curl_conn_cf_close(b->cf, data);
67
    Curl_conn_cf_discard_chain(&b->cf, data);
68
    b->cf = NULL;
69
  }
70
  b->result = CURLE_OK;
71
  b->reply_ms = -1;
72
}
73

74
static bool cf_hc_baller_is_active(struct cf_hc_baller *b)
75
{
76
  return b->cf && !b->result;
77
}
78

79
static bool cf_hc_baller_has_started(struct cf_hc_baller *b)
80
{
81
  return !!b->cf;
82
}
83

84
static int cf_hc_baller_reply_ms(struct cf_hc_baller *b,
85
                                 struct Curl_easy *data)
86
{
87
  if(b->cf && (b->reply_ms < 0))
88
    b->cf->cft->query(b->cf, data, CF_QUERY_CONNECT_REPLY_MS,
89
                      &b->reply_ms, NULL);
90
  return b->reply_ms;
91
}
92

93
static bool cf_hc_baller_data_pending(struct cf_hc_baller *b,
94
                                      const struct Curl_easy *data)
95
{
96
  return b->cf && !b->result && b->cf->cft->has_data_pending(b->cf, data);
97
}
98

99
static bool cf_hc_baller_needs_flush(struct cf_hc_baller *b,
100
                                     struct Curl_easy *data)
101
{
102
  return b->cf && !b->result && Curl_conn_cf_needs_flush(b->cf, data);
103
}
104

105
static CURLcode cf_hc_baller_cntrl(struct cf_hc_baller *b,
106
                                   struct Curl_easy *data,
107
                                   int event, int arg1, void *arg2)
108
{
109
  if(b->cf && !b->result)
110
    return Curl_conn_cf_cntrl(b->cf, data, FALSE, event, arg1, arg2);
111
  return CURLE_OK;
112
}
113

114
struct cf_hc_ctx {
115
  cf_hc_state state;
116
  struct curltime started;  /* when connect started */
117
  CURLcode result;          /* overall result */
118
  struct cf_hc_baller ballers[2];
119
  size_t baller_count;
120
  unsigned int soft_eyeballs_timeout_ms;
121
  unsigned int hard_eyeballs_timeout_ms;
122
};
123

124
static void cf_hc_baller_assign(struct cf_hc_baller *b,
125
                                enum alpnid alpn_id)
126
{
127
  b->alpn_id = alpn_id;
128
  switch(b->alpn_id) {
129
  case ALPN_h3:
130
    b->name = "h3";
131
    break;
132
  case ALPN_h2:
133
    b->name = "h2";
134
    break;
135
  case ALPN_h1:
136
    b->name = "h1";
137
    break;
138
  default:
139
    b->result = CURLE_FAILED_INIT;
140
    break;
141
  }
142
}
143

144
static void cf_hc_baller_init(struct cf_hc_baller *b,
145
                              struct Curl_cfilter *cf,
146
                              struct Curl_easy *data,
147
                              int transport)
148
{
149
  struct Curl_cfilter *save = cf->next;
150

151
  cf->next = NULL;
152
  b->started = curlx_now();
153
  switch(b->alpn_id) {
154
  case ALPN_h3:
155
    transport = TRNSPRT_QUIC;
156
    break;
157
  default:
158
    break;
159
  }
160

161
  if(!b->result)
162
    b->result = Curl_cf_setup_insert_after(cf, data, transport,
163
                                           CURL_CF_SSL_ENABLE);
164
  b->cf = cf->next;
165
  cf->next = save;
166
}
167

168
static CURLcode cf_hc_baller_connect(struct cf_hc_baller *b,
169
                                     struct Curl_cfilter *cf,
170
                                     struct Curl_easy *data,
171
                                     bool *done)
172
{
173
  struct Curl_cfilter *save = cf->next;
174

175
  cf->next = b->cf;
176
  b->result = Curl_conn_cf_connect(cf->next, data, done);
177
  b->cf = cf->next; /* it might mutate */
178
  cf->next = save;
179
  return b->result;
180
}
181

182
static void cf_hc_reset(struct Curl_cfilter *cf, struct Curl_easy *data)
183
{
184
  struct cf_hc_ctx *ctx = cf->ctx;
185
  size_t i;
186

187
  if(ctx) {
188
    for(i = 0; i < ctx->baller_count; ++i)
189
      cf_hc_baller_reset(&ctx->ballers[i], data);
190
    ctx->state = CF_HC_INIT;
191
    ctx->result = CURLE_OK;
192
    ctx->hard_eyeballs_timeout_ms = data->set.happy_eyeballs_timeout;
193
    ctx->soft_eyeballs_timeout_ms = data->set.happy_eyeballs_timeout / 4;
194
  }
195
}
196

197
static CURLcode baller_connected(struct Curl_cfilter *cf,
198
                                 struct Curl_easy *data,
199
                                 struct cf_hc_baller *winner)
200
{
201
  struct cf_hc_ctx *ctx = cf->ctx;
202
  CURLcode result = CURLE_OK;
203
  int reply_ms;
204
  size_t i;
205

206
  DEBUGASSERT(winner->cf);
207
  for(i = 0; i < ctx->baller_count; ++i)
208
    if(winner != &ctx->ballers[i])
209
      cf_hc_baller_reset(&ctx->ballers[i], data);
210

211
  reply_ms = cf_hc_baller_reply_ms(winner, data);
212
  if(reply_ms >= 0)
213
    CURL_TRC_CF(data, cf, "connect+handshake %s: %dms, 1st data: %dms",
214
                winner->name, (int)curlx_timediff(curlx_now(),
215
                                                  winner->started), reply_ms);
216
  else
217
    CURL_TRC_CF(data, cf, "deferred handshake %s: %dms",
218
                winner->name, (int)curlx_timediff(curlx_now(),
219
                                                  winner->started));
220

221
  cf->next = winner->cf;
222
  winner->cf = NULL;
223

224
  switch(cf->conn->alpn) {
225
  case CURL_HTTP_VERSION_3:
226
    break;
227
  case CURL_HTTP_VERSION_2:
228
#ifdef USE_NGHTTP2
229
    /* Using nghttp2, we add the filter "below" us, so when the conn
230
     * closes, we tear it down for a fresh reconnect */
231
    result = Curl_http2_switch_at(cf, data);
232
    if(result) {
233
      ctx->state = CF_HC_FAILURE;
234
      ctx->result = result;
235
      return result;
236
    }
237
#endif
238
    break;
239
  default:
240
    break;
241
  }
242
  ctx->state = CF_HC_SUCCESS;
243
  cf->connected = TRUE;
244
  return result;
245
}
246

247

248
static bool time_to_start_next(struct Curl_cfilter *cf,
249
                               struct Curl_easy *data,
250
                               size_t idx, struct curltime now)
251
{
252
  struct cf_hc_ctx *ctx = cf->ctx;
253
  timediff_t elapsed_ms;
254
  size_t i;
255

256
  if(idx >= ctx->baller_count)
257
    return FALSE;
258
  if(cf_hc_baller_has_started(&ctx->ballers[idx]))
259
    return FALSE;
260
  for(i = 0; i < idx; i++) {
261
    if(!ctx->ballers[i].result)
262
      break;
263
  }
264
  if(i == idx) {
265
    CURL_TRC_CF(data, cf, "all previous attempts failed, starting %s",
266
                ctx->ballers[idx].name);
267
    return TRUE;
268
  }
269
  elapsed_ms = curlx_timediff(now, ctx->started);
270
  if(elapsed_ms >= ctx->hard_eyeballs_timeout_ms) {
271
    CURL_TRC_CF(data, cf, "hard timeout of %dms reached, starting %s",
272
                ctx->hard_eyeballs_timeout_ms, ctx->ballers[idx].name);
273
    return TRUE;
274
  }
275

276
  if((idx > 0) && (elapsed_ms >= ctx->soft_eyeballs_timeout_ms)) {
277
    if(cf_hc_baller_reply_ms(&ctx->ballers[idx - 1], data) < 0) {
278
      CURL_TRC_CF(data, cf, "soft timeout of %dms reached, %s has not "
279
                  "seen any data, starting %s",
280
                  ctx->soft_eyeballs_timeout_ms,
281
                  ctx->ballers[idx - 1].name, ctx->ballers[idx].name);
282
      return TRUE;
283
    }
284
    /* set the effective hard timeout again */
285
    Curl_expire(data, ctx->hard_eyeballs_timeout_ms - elapsed_ms,
286
                EXPIRE_ALPN_EYEBALLS);
287
  }
288
  return FALSE;
289
}
290

291
static CURLcode cf_hc_connect(struct Curl_cfilter *cf,
292
                              struct Curl_easy *data,
293
                              bool *done)
294
{
295
  struct cf_hc_ctx *ctx = cf->ctx;
296
  struct curltime now;
297
  CURLcode result = CURLE_OK;
298
  size_t i, failed_ballers;
299

300
  if(cf->connected) {
301
    *done = TRUE;
302
    return CURLE_OK;
303
  }
304

305
  *done = FALSE;
306
  now = curlx_now();
307
  switch(ctx->state) {
308
  case CF_HC_INIT:
309
    DEBUGASSERT(!cf->next);
310
    for(i = 0; i < ctx->baller_count; i++)
311
      DEBUGASSERT(!ctx->ballers[i].cf);
312
    CURL_TRC_CF(data, cf, "connect, init");
313
    ctx->started = now;
314
    cf_hc_baller_init(&ctx->ballers[0], cf, data, cf->conn->transport);
315
    if(ctx->baller_count > 1) {
316
      Curl_expire(data, ctx->soft_eyeballs_timeout_ms, EXPIRE_ALPN_EYEBALLS);
317
      CURL_TRC_CF(data, cf, "set next attempt to start in %ums",
318
                  ctx->soft_eyeballs_timeout_ms);
319
    }
320
    ctx->state = CF_HC_CONNECT;
321
    FALLTHROUGH();
322

323
  case CF_HC_CONNECT:
324
    if(cf_hc_baller_is_active(&ctx->ballers[0])) {
325
      result = cf_hc_baller_connect(&ctx->ballers[0], cf, data, done);
326
      if(!result && *done) {
327
        result = baller_connected(cf, data, &ctx->ballers[0]);
328
        goto out;
329
      }
330
    }
331

332
    if(time_to_start_next(cf, data, 1, now)) {
333
      cf_hc_baller_init(&ctx->ballers[1], cf, data, cf->conn->transport);
334
    }
335

336
    if((ctx->baller_count > 1) && cf_hc_baller_is_active(&ctx->ballers[1])) {
337
      CURL_TRC_CF(data, cf, "connect, check %s", ctx->ballers[1].name);
338
      result = cf_hc_baller_connect(&ctx->ballers[1], cf, data, done);
339
      if(!result && *done) {
340
        result = baller_connected(cf, data, &ctx->ballers[1]);
341
        goto out;
342
      }
343
    }
344

345
    failed_ballers = 0;
346
    for(i = 0; i < ctx->baller_count; i++) {
347
      if(ctx->ballers[i].result)
348
        ++failed_ballers;
349
    }
350

351
    if(failed_ballers == ctx->baller_count) {
352
      /* all have failed. we give up */
353
      CURL_TRC_CF(data, cf, "connect, all attempts failed");
354
      for(i = 0; i < ctx->baller_count; i++) {
355
        if(ctx->ballers[i].result) {
356
          result = ctx->ballers[i].result;
357
          break;
358
        }
359
      }
360
      ctx->state = CF_HC_FAILURE;
361
      goto out;
362
    }
363
    result = CURLE_OK;
364
    *done = FALSE;
365
    break;
366

367
  case CF_HC_FAILURE:
368
    result = ctx->result;
369
    cf->connected = FALSE;
370
    *done = FALSE;
371
    break;
372

373
  case CF_HC_SUCCESS:
374
    result = CURLE_OK;
375
    cf->connected = TRUE;
376
    *done = TRUE;
377
    break;
378
  }
379

380
out:
381
  CURL_TRC_CF(data, cf, "connect -> %d, done=%d", result, *done);
382
  return result;
383
}
384

385
static CURLcode cf_hc_shutdown(struct Curl_cfilter *cf,
386
                               struct Curl_easy *data, bool *done)
387
{
388
  struct cf_hc_ctx *ctx = cf->ctx;
389
  size_t i;
390
  CURLcode result = CURLE_OK;
391

392
  DEBUGASSERT(data);
393
  if(cf->connected) {
394
    *done = TRUE;
395
    return CURLE_OK;
396
  }
397

398
  /* shutdown all ballers that have not done so already. If one fails,
399
   * continue shutting down others until all are shutdown. */
400
  for(i = 0; i < ctx->baller_count; i++) {
401
    struct cf_hc_baller *b = &ctx->ballers[i];
402
    bool bdone = FALSE;
403
    if(!cf_hc_baller_is_active(b) || b->shutdown)
404
      continue;
405
    b->result = b->cf->cft->do_shutdown(b->cf, data, &bdone);
406
    if(b->result || bdone)
407
      b->shutdown = TRUE; /* treat a failed shutdown as done */
408
  }
409

410
  *done = TRUE;
411
  for(i = 0; i < ctx->baller_count; i++) {
412
    if(!ctx->ballers[i].shutdown)
413
      *done = FALSE;
414
  }
415
  if(*done) {
416
    for(i = 0; i < ctx->baller_count; i++) {
417
      if(ctx->ballers[i].result)
418
        result = ctx->ballers[i].result;
419
    }
420
  }
421
  CURL_TRC_CF(data, cf, "shutdown -> %d, done=%d", result, *done);
422
  return result;
423
}
424

425
static void cf_hc_adjust_pollset(struct Curl_cfilter *cf,
426
                                  struct Curl_easy *data,
427
                                  struct easy_pollset *ps)
428
{
429
  if(!cf->connected) {
430
    struct cf_hc_ctx *ctx = cf->ctx;
431
    size_t i;
432

433
    for(i = 0; i < ctx->baller_count; i++) {
434
      struct cf_hc_baller *b = &ctx->ballers[i];
435
      if(!cf_hc_baller_is_active(b))
436
        continue;
437
      Curl_conn_cf_adjust_pollset(b->cf, data, ps);
438
    }
439
    CURL_TRC_CF(data, cf, "adjust_pollset -> %d socks", ps->num);
440
  }
441
}
442

443
static bool cf_hc_data_pending(struct Curl_cfilter *cf,
444
                               const struct Curl_easy *data)
445
{
446
  struct cf_hc_ctx *ctx = cf->ctx;
447
  size_t i;
448

449
  if(cf->connected)
450
    return cf->next->cft->has_data_pending(cf->next, data);
451

452
  for(i = 0; i < ctx->baller_count; i++)
453
    if(cf_hc_baller_data_pending(&ctx->ballers[i], data))
454
      return TRUE;
455
  return FALSE;
456
}
457

458
static struct curltime cf_get_max_baller_time(struct Curl_cfilter *cf,
459
                                              struct Curl_easy *data,
460
                                              int query)
461
{
462
  struct cf_hc_ctx *ctx = cf->ctx;
463
  struct curltime t, tmax;
464
  size_t i;
465

466
  memset(&tmax, 0, sizeof(tmax));
467
  for(i = 0; i < ctx->baller_count; i++) {
468
    struct Curl_cfilter *cfb = ctx->ballers[i].cf;
469
    memset(&t, 0, sizeof(t));
470
    if(cfb && !cfb->cft->query(cfb, data, query, NULL, &t)) {
471
      if((t.tv_sec || t.tv_usec) && curlx_timediff_us(t, tmax) > 0)
472
        tmax = t;
473
    }
474
  }
475
  return tmax;
476
}
477

478
static CURLcode cf_hc_query(struct Curl_cfilter *cf,
479
                            struct Curl_easy *data,
480
                            int query, int *pres1, void *pres2)
481
{
482
  struct cf_hc_ctx *ctx = cf->ctx;
483
  size_t i;
484

485
  if(!cf->connected) {
486
    switch(query) {
487
    case CF_QUERY_TIMER_CONNECT: {
488
      struct curltime *when = pres2;
489
      *when = cf_get_max_baller_time(cf, data, CF_QUERY_TIMER_CONNECT);
490
      return CURLE_OK;
491
    }
492
    case CF_QUERY_TIMER_APPCONNECT: {
493
      struct curltime *when = pres2;
494
      *when = cf_get_max_baller_time(cf, data, CF_QUERY_TIMER_APPCONNECT);
495
      return CURLE_OK;
496
    }
497
    case CF_QUERY_NEED_FLUSH: {
498
      for(i = 0; i < ctx->baller_count; i++)
499
        if(cf_hc_baller_needs_flush(&ctx->ballers[i], data)) {
500
          *pres1 = TRUE;
501
          return CURLE_OK;
502
        }
503
      break;
504
    }
505
    default:
506
      break;
507
    }
508
  }
509
  return cf->next ?
510
    cf->next->cft->query(cf->next, data, query, pres1, pres2) :
511
    CURLE_UNKNOWN_OPTION;
512
}
513

514
static CURLcode cf_hc_cntrl(struct Curl_cfilter *cf,
515
                            struct Curl_easy *data,
516
                            int event, int arg1, void *arg2)
517
{
518
  struct cf_hc_ctx *ctx = cf->ctx;
519
  CURLcode result = CURLE_OK;
520
  size_t i;
521

522
  if(!cf->connected) {
523
    for(i = 0; i < ctx->baller_count; i++) {
524
      result = cf_hc_baller_cntrl(&ctx->ballers[i], data, event, arg1, arg2);
525
      if(result && (result != CURLE_AGAIN))
526
        goto out;
527
    }
528
    result = CURLE_OK;
529
  }
530
out:
531
  return result;
532
}
533

534
static void cf_hc_close(struct Curl_cfilter *cf, struct Curl_easy *data)
535
{
536
  CURL_TRC_CF(data, cf, "close");
537
  cf_hc_reset(cf, data);
538
  cf->connected = FALSE;
539

540
  if(cf->next) {
541
    cf->next->cft->do_close(cf->next, data);
542
    Curl_conn_cf_discard_chain(&cf->next, data);
543
  }
544
}
545

546
static void cf_hc_destroy(struct Curl_cfilter *cf, struct Curl_easy *data)
547
{
548
  struct cf_hc_ctx *ctx = cf->ctx;
549

550
  (void)data;
551
  CURL_TRC_CF(data, cf, "destroy");
552
  cf_hc_reset(cf, data);
553
  Curl_safefree(ctx);
554
}
555

556
struct Curl_cftype Curl_cft_http_connect = {
557
  "HTTPS-CONNECT",
558
  0,
559
  CURL_LOG_LVL_NONE,
560
  cf_hc_destroy,
561
  cf_hc_connect,
562
  cf_hc_close,
563
  cf_hc_shutdown,
564
  Curl_cf_def_get_host,
565
  cf_hc_adjust_pollset,
566
  cf_hc_data_pending,
567
  Curl_cf_def_send,
568
  Curl_cf_def_recv,
569
  cf_hc_cntrl,
570
  Curl_cf_def_conn_is_alive,
571
  Curl_cf_def_conn_keep_alive,
572
  cf_hc_query,
573
};
574

575
static CURLcode cf_hc_create(struct Curl_cfilter **pcf,
576
                             struct Curl_easy *data,
577
                             enum alpnid *alpnids, size_t alpn_count)
578
{
579
  struct Curl_cfilter *cf = NULL;
580
  struct cf_hc_ctx *ctx;
581
  CURLcode result = CURLE_OK;
582
  size_t i;
583

584
  DEBUGASSERT(alpnids);
585
  DEBUGASSERT(alpn_count);
586
  DEBUGASSERT(alpn_count <= CURL_ARRAYSIZE(ctx->ballers));
587
  if(!alpn_count || (alpn_count > CURL_ARRAYSIZE(ctx->ballers))) {
588
    failf(data, "https-connect filter create with unsupported %zu ALPN ids",
589
          alpn_count);
590
    return CURLE_FAILED_INIT;
591
  }
592

593
  ctx = calloc(1, sizeof(*ctx));
594
  if(!ctx) {
595
    result = CURLE_OUT_OF_MEMORY;
596
    goto out;
597
  }
598
  for(i = 0; i < alpn_count; ++i)
599
    cf_hc_baller_assign(&ctx->ballers[i], alpnids[i]);
600
  for(; i < CURL_ARRAYSIZE(ctx->ballers); ++i)
601
    ctx->ballers[i].alpn_id = ALPN_none;
602
  ctx->baller_count = alpn_count;
603

604
  result = Curl_cf_create(&cf, &Curl_cft_http_connect, ctx);
605
  if(result)
606
    goto out;
607
  ctx = NULL;
608
  cf_hc_reset(cf, data);
609

610
out:
611
  *pcf = result ? NULL : cf;
612
  free(ctx);
613
  return result;
614
}
615

616
static CURLcode cf_http_connect_add(struct Curl_easy *data,
617
                                    struct connectdata *conn,
618
                                    int sockindex,
619
                                    enum alpnid *alpn_ids, size_t alpn_count)
620
{
621
  struct Curl_cfilter *cf;
622
  CURLcode result = CURLE_OK;
623

624
  DEBUGASSERT(data);
625
  result = cf_hc_create(&cf, data, alpn_ids, alpn_count);
626
  if(result)
627
    goto out;
628
  Curl_conn_cf_add(data, conn, sockindex, cf);
629
out:
630
  return result;
631
}
632

633
static bool cf_https_alpns_contain(enum alpnid id,
634
                                   enum alpnid *list, size_t len)
635
{
636
  size_t i;
637
  for(i = 0; i < len; ++i) {
638
    if(id == list[i])
639
      return TRUE;
640
  }
641
  return FALSE;
642
}
643

644
CURLcode Curl_cf_https_setup(struct Curl_easy *data,
645
                             struct connectdata *conn,
646
                             int sockindex)
647
{
648
  enum alpnid alpn_ids[2];
649
  size_t alpn_count = 0;
650
  CURLcode result = CURLE_OK;
651
  struct Curl_cfilter cf_fake, *cf = NULL;
652

653
  (void)sockindex;
654
  /* we want to log for the filter before we create it, fake it. */
655
  memset(&cf_fake, 0, sizeof(cf_fake));
656
  cf_fake.cft = &Curl_cft_http_connect;
657
  cf = &cf_fake;
658

659
  if(conn->bits.tls_enable_alpn) {
660
#ifdef USE_HTTPSRR
661
    /* Is there an HTTPSRR use its ALPNs here.
662
     * We are here after having selected a connection to a host+port and
663
     * can no longer change that. Any HTTPSRR advice for other hosts and ports
664
     * we need to ignore. */
665
    struct Curl_dns_entry *dns = data->state.dns[sockindex];
666
    struct Curl_https_rrinfo *rr = dns ? dns->hinfo : NULL;
667
    if(rr && !rr->no_def_alpn &&  /* ALPNs are defaults */
668
       (!rr->target ||      /* for same host */
669
        !rr->target[0] ||
670
        (rr->target[0] == '.' &&
671
         !rr->target[1])) &&
672
       (rr->port < 0 ||    /* for same port */
673
        rr->port == conn->remote_port)) {
674
      size_t i;
675
      for(i = 0; i < CURL_ARRAYSIZE(rr->alpns) &&
676
                 alpn_count < CURL_ARRAYSIZE(alpn_ids); ++i) {
677
        enum alpnid alpn = rr->alpns[i];
678
        if(cf_https_alpns_contain(alpn, alpn_ids, alpn_count))
679
          continue;
680
        switch(alpn) {
681
        case ALPN_h3:
682
          if(Curl_conn_may_http3(data, conn))
683
            break;  /* not possible */
684
          if(data->state.http_neg.allowed & CURL_HTTP_V3x) {
685
            CURL_TRC_CF(data, cf, "adding h3 via HTTPS-RR");
686
            alpn_ids[alpn_count++] = alpn;
687
          }
688
          break;
689
        case ALPN_h2:
690
          if(data->state.http_neg.allowed & CURL_HTTP_V2x) {
691
            CURL_TRC_CF(data, cf, "adding h2 via HTTPS-RR");
692
            alpn_ids[alpn_count++] = alpn;
693
          }
694
          break;
695
        case ALPN_h1:
696
          if(data->state.http_neg.allowed & CURL_HTTP_V1x) {
697
            CURL_TRC_CF(data, cf, "adding h1 via HTTPS-RR");
698
            alpn_ids[alpn_count++] = alpn;
699
          }
700
          break;
701
        default: /* ignore */
702
          break;
703
        }
704
      }
705
    }
706
#endif
707

708
    if((alpn_count < CURL_ARRAYSIZE(alpn_ids)) &&
709
       (data->state.http_neg.wanted & CURL_HTTP_V3x) &&
710
       !cf_https_alpns_contain(ALPN_h3, alpn_ids, alpn_count)) {
711
      result = Curl_conn_may_http3(data, conn);
712
      if(!result) {
713
        CURL_TRC_CF(data, cf, "adding wanted h3");
714
        alpn_ids[alpn_count++] = ALPN_h3;
715
      }
716
      else if(data->state.http_neg.wanted == CURL_HTTP_V3x)
717
        goto out; /* only h3 allowed, not possible, error out */
718
    }
719
    if((alpn_count < CURL_ARRAYSIZE(alpn_ids)) &&
720
       (data->state.http_neg.wanted & CURL_HTTP_V2x) &&
721
       !cf_https_alpns_contain(ALPN_h2, alpn_ids, alpn_count)) {
722
      CURL_TRC_CF(data, cf, "adding wanted h2");
723
      alpn_ids[alpn_count++] = ALPN_h2;
724
    }
725
    else if((alpn_count < CURL_ARRAYSIZE(alpn_ids)) &&
726
            (data->state.http_neg.wanted & CURL_HTTP_V1x) &&
727
            !cf_https_alpns_contain(ALPN_h1, alpn_ids, alpn_count)) {
728
      CURL_TRC_CF(data, cf, "adding wanted h1");
729
      alpn_ids[alpn_count++] = ALPN_h1;
730
    }
731
  }
732

733
  /* If we identified ALPNs to use, install our filter. Otherwise,
734
   * install nothing, so our call will use a default connect setup. */
735
  if(alpn_count) {
736
    result = cf_http_connect_add(data, conn, sockindex, alpn_ids, alpn_count);
737
  }
738

739
out:
740
  return result;
741
}
742

743
#endif /* !defined(CURL_DISABLE_HTTP) */
744

745