NPN negotiation support for example server

example/README.md

@@ -3,9 +3,15 @@
 First, a quick test to ensure that we can talk to ourselves:
 
 ```bash
+# Direct connection
 $> ruby server.rb
 $> ruby client.rb http://localhost:8080/                 # GET
 $> ruby client.rb http://localhost:8080/ -d 'some data'  # POST
+
+# TLS + NPN negotiation
+$> ruby server.rb --secure
+$> ruby client.rb https://localhost:8080/                # GET
+$> ...
 ```
 
 ### [nghttp2](https://github.com/tatsuhiro-t/nghttp2) (HTTP/2.0 C Library)
@@ -43,3 +49,5 @@ $> ruby client.rb https://gabor.molnar.es:8080/post -d'some data'
 # NPN + GET request (http-2 > twitter)
 $> ruby client.rb https://twitter.com/
 ```
+
+For a complete list of current implementations, see [http2 wiki](https://github.com/http2/http2-spec/wiki/Implementations).

example/client.rb

@@ -9,7 +9,6 @@
   end
 end.parse!
 
-draft = 'HTTP-draft-06/2.0'
 
 uri = URI.parse(ARGV[0] || 'http://localhost:8080/')
 tcp = TCPSocket.new(uri.host, uri.port)
@@ -19,21 +18,21 @@
   ctx = OpenSSL::SSL::SSLContext.new
   ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
 
-  ctx.npn_protocols = [draft]
+  ctx.npn_protocols = [DRAFT]
   ctx.npn_select_cb = lambda do |protocols|
     puts "NPN protocols supported by server: #{protocols}"
-    if protocols.include? draft
-      draft
-    else
-      puts "Server does not support #{draft}"
-      exit
-    end
+    DRAFT if protocols.include? DRAFT
   end
 
   sock = OpenSSL::SSL::SSLSocket.new(tcp, ctx)
   sock.sync_close = true
   sock.hostname = uri.hostname
   sock.connect
+
+  if sock.npn_protocol != DRAFT
+    puts "Failed to negotiate #{DRAFT} via NPN"
+    exit
+  end
 else
   sock = tcp
 end

example/helper.rb

@@ -6,6 +6,8 @@
 require 'http/2'
 require 'uri'
 
+DRAFT = 'HTTP-draft-06/2.0'
+
 class Logger
   def initialize(id)
     @id = id

example/keys/mycert.pem

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID9DCCAtygAwIBAgIJAKIwkCCNJr2mMA0GCSqGSIb3DQEBBQUAMFkxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0xMjA2MjQxODE4
+MTZaFw0xMzA2MjQxODE4MTZaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21l
+LVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNV
+BAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOTQ
+eHgUpZnggH2RwBeghuf86/7wNeO4DIJacLrmCynA871ioOvxzPx5jPTV6dkkitMT
+lNroneNa/BbRHHOVUvCtuJyKXEiFyWs/jCYAZ335uMYtDK2FAHRvNgXMM1YZTpbM
+CSIteVsWIAuNFAWwQS8Bd9oACUS1P69eNbA1BBOqnaYoZT1D+JD4bp9kpBYqXJtf
+wOgHGzPOVatqzJDgOqSwYVz1ZETVopv+TMBght938iVoow2cHnJ2Zj/n/jBkG8E9
+FNlmc67WqQkJsS16E9sEntJOSNldBRsjMFux4E+g7wzyn9tFJ0nYJ/rklWa24BN7
+Vg9diYljQNLLSMv8/tcCAwEAAaOBvjCBuzAdBgNVHQ4EFgQUqBtvGKKXRaXzFV16
+W1uMzroa8SkwgYsGA1UdIwSBgzCBgIAUqBtvGKKXRaXzFV16W1uMzroa8SmhXaRb
+MFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJ
+bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMTCWxvY2FsaG9zdIIJAKIw
+kCCNJr2mMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBALji7DAGBRU9
+x6/zw7EcEDlutGv6qp1VasJzSexVCZAr5c7vSDbdM+wlAxvwBguoFNLvrIvBxUMN
+pf/lvig2Q++lGTiqu5VodnmJXnqze7PO2Rdq9Yqgkva7qVFuGrYwGTXfiuz5LqGV
+BWz/i1i8EwJmO+p0yLk+r1hjBaeAqfbZtt1ACeZgu/8zaI9ypb2vpwOyW5TUJ8hk
+S+ZAX1Pd5OMqerD6DTfD/McHkWnC3ilcW4ZQIIJABKGxPc7k9Gyod9PZIPJS/ER7
+7koJ84u8esvnaP3DGHIuWngMpQcgMzJbD5bNX+C0DoaxkWre8u7afCW68a58RP19
+LTlr/GlI51c=
+-----END CERTIFICATE-----

example/keys/mykey.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA5NB4eBSlmeCAfZHAF6CG5/zr/vA147gMglpwuuYLKcDzvWKg
+6/HM/HmM9NXp2SSK0xOU2uid41r8FtEcc5VS8K24nIpcSIXJaz+MJgBnffm4xi0M
+rYUAdG82BcwzVhlOlswJIi15WxYgC40UBbBBLwF32gAJRLU/r141sDUEE6qdpihl
+PUP4kPhun2SkFipcm1/A6AcbM85Vq2rMkOA6pLBhXPVkRNWim/5MwGCG33fyJWij
+DZwecnZmP+f+MGQbwT0U2WZzrtapCQmxLXoT2wSe0k5I2V0FGyMwW7HgT6DvDPKf
+20UnSdgn+uSVZrbgE3tWD12JiWNA0stIy/z+1wIDAQABAoIBABSU5/EtMkQoHIav
+AI9fgiMF7hhtdPt5x65GAlPdc22bDJGheIYgpuai7Fntj+5XSiF4ZnBWcjVMLtbC
+koOXD/HUPoHeNDTVy+tYuPuGF8kOGF/DF5vYFdVjV4Gn/4okFpyb18p6OqtFzzYa
+x41HcGWRBT3XuP20K/lTSRMDgc1e5N9bmoOONJqT+K1ak0Dv2Ifl5RTBWbmYymgR
+30cgDkiazCNjhRCCCBX8cctB4ULiOvqdksn5Ln05jvezd1Wog/ryr4SI+HMmAroZ
+dB+F8kODO792/ahR8DusQUVpwVbHqAXOVHmtplMZ4DlIgw+qY5pRawkvdetq/Ghy
+fHAInsECgYEA/U4uNsghZJiWnpZ999esCbHwM6orgX561Nx/WsmKGv0pjslZNDrx
+5Awd0EQo/NW59CUW5RcHnK+ayAsQ1xgN4HB97xYAj5v0xEzhQw8fg39fc/4gja+j
+F89wK3nfX1F4PpisN6eir+z2UcUJLT4rIsFa57R7TbLV6eV/nhxoauECgYEA5z+Y
+ITSdgwsS8FR+8ZL/UvdmkDW34gQUZ3QEAkJZfkCaHXq90tgIHDBm8dZBKEuDHJSN
+yJQ4VeHzBD9q7pdz/qDXAw5Jqgz01ToWWuGvCbcqvH6u1UrVvUhgr0JbyUZgrL4r
+/c5buWHS+IKwtBqWG1oo4kclfz3TIjtLXiVDmLcCgYB+/K2wav5KpzCDSqDWGjo2
+Fg18aSgsYBMGGZCDHBxvUVF/MrPUumQ/1k8v9KuzrRXvLpTevn/jbimjdeC4ZGe4
+h8yqipY3aJD5xCz96Fv9GWLqDJGXVmDl8+mg8hUofPhSMUnNEO4/UgVeku/5zXvk
+jZicJl/WYPxaqOIkistSIQKBgQCoLuhFvi6QkA1GHS32JCLuBGDjoS4Lg0wTsZz4
+x6iu2e08Y3iLT/MWDV3RpTHeTI0ezCwSJTqTu7Ey9ayfuibymafG4S1SL/og2g5I
+KrtTJZQ/YyNknPi2oV0wGeMHj9ffyq/T97FeMndtph893dguLHRvna73y88ypk06
+O3/eIQKBgH10X3RoSDr04vVLFPjJ4beRj4SQA7BVUCio5MSrqkh2aTW0nFv+DiVm
+M5nqfiH5QjO1NkKXrqUYAFVdAxcLRPXSAMHK0G61HyWDKyUEwAqWQ4sZGgFrzFUb
+tihmVFKrXyzeMLumwn6TNCGVPYGAWw4FgHq59Hr+bAMp2g80Nmyj
+-----END RSA PRIVATE KEY-----

example/server.rb

@@ -1,7 +1,32 @@
 require_relative 'helper'
 
-puts "Starting server on port 8080"
-Socket.tcp_server_loop(8080) do |sock|
+options = {port: 8080}
+OptionParser.new do |opts|
+  opts.banner = "Usage: server.rb [options]"
+
+  opts.on("-s", "--secure", "HTTPS mode") do |v|
+    options[:secure] = v
+  end
+
+  opts.on("-p", "--port [Integer]", "listen port") do |v|
+    options[:port] = v
+  end
+end.parse!
+
+puts "Starting server on port #{options[:port]}"
+server = TCPServer.new(options[:port])
+
+if options[:secure]
+  ctx = OpenSSL::SSL::SSLContext.new
+  ctx.cert = OpenSSL::X509::Certificate.new(File.open("keys/mycert.pem"))
+  ctx.key = OpenSSL::PKey::RSA.new(File.open("keys/mykey.pem"))
+  ctx.npn_protocols = [DRAFT]
+
+  server = OpenSSL::SSL::SSLServer.new(server, ctx)
+end
+
+loop do
+  sock = server.accept
   puts "New TCP connection!"
 
   conn = HTTP2::Server.new