feat(patch): support dynamic disable http2 alpn in ssl client hello p…

…hase

build/openresty/patches/ngx_lua-0.10.26_01-ssl-disable-h2-alpn.patch

@@ -0,0 +1,101 @@
+diff --git a/bundle/nginx-1.25.3/src/http/ngx_http_request.c b/bundle/nginx-1.25.3/src/http/ngx_http_request.c
+index bd2be5e..2084ecd 100644
+--- a/bundle/nginx-1.25.3/src/http/ngx_http_request.c
++++ b/bundle/nginx-1.25.3/src/http/ngx_http_request.c
+@@ -8,6 +8,7 @@
+ #include <ngx_config.h>
+ #include <ngx_core.h>
+ #include <ngx_http.h>
++#include <ngx_http_lua_api.h>
+
+
+ static void ngx_http_wait_request_handler(ngx_event_t *ev);
+@@ -837,7 +838,7 @@ ngx_http_ssl_handshake_handler(ngx_connection_t *c)
+
+         h2scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v2_module);
+
+-        if (h2scf->enable || hc->addr_conf->http2) {
++        if ((h2scf->enable || hc->addr_conf->http2) && ngx_http_lua_get_ssl_disable_http2(c->ssl)) {
+
+             SSL_get0_alpn_selected(c->ssl->connection, &data, &len);
+
+diff --git a/bundle/ngx_lua-0.10.26/src/api/ngx_http_lua_api.h b/bundle/ngx_lua-0.10.26/src/api/ngx_http_lua_api.h
+index 193c44e..fec6d61 100644
+--- a/bundle/ngx_lua-0.10.26/src/api/ngx_http_lua_api.h
++++ b/bundle/ngx_lua-0.10.26/src/api/ngx_http_lua_api.h
+@@ -70,6 +70,7 @@ void ngx_http_lua_co_ctx_resume_helper(ngx_http_lua_co_ctx_t *coctx, int nrets);
+
+ int ngx_http_lua_get_lua_http10_buffering(ngx_http_request_t *r);
+
++unsigned ngx_http_lua_get_ssl_disable_http2(ngx_ssl_connection_t *ssl);
+
+ #endif /* _NGX_HTTP_LUA_API_H_INCLUDED_ */
+
+diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_api.c b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_api.c
+index 0d3ec9c..fe030c5 100644
+--- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_api.c
++++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_api.c
+@@ -340,5 +340,14 @@ ngx_http_lua_get_lua_http10_buffering(ngx_http_request_t *r)
+     return llcf->http10_buffering;
+ }
+
++unsigned ngx_http_lua_get_ssl_disable_http2(ngx_ssl_connection_t *ssl)
++{
++    ngx_http_lua_assert(ssl->connection);
++    ngx_http_lua_ssl_ctx_t *cctx;
++    
++    cctx = ngx_http_lua_ssl_get_ctx(ssl->connection);
++    ngx_http_lua_assert(cctx);
++    return cctx->disable_http2;
++}
+
+ /* vi:set ft=c ts=4 sw=4 et fdm=marker: */
+diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_ssl.h b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_ssl.h
+index 3d577c6..e1b1583 100644
+--- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_ssl.h
++++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_ssl.h
+@@ -38,6 +38,7 @@ typedef struct {
+     unsigned                 entered_client_hello_handler:1;
+     unsigned                 entered_cert_handler:1;
+     unsigned                 entered_sess_fetch_handler:1;
++    unsigned                 disable_http2:1;
+ } ngx_http_lua_ssl_ctx_t;
+
+
+diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_ssl_client_helloby.c b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_ssl_client_helloby.c
+index 03ac430..cc3e30f 100644
+--- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_ssl_client_helloby.c
++++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_ssl_client_helloby.c
+@@ -713,4 +713,32 @@ ngx_http_lua_ffi_ssl_set_protocols(ngx_http_request_t *r,
+     return NGX_OK;
+ }
+
++int
++ngx_http_lua_ffi_ssl_disable_http2(ngx_http_request_t *r, char **err)
++{
++    ngx_ssl_conn_t    *ssl_conn;
++    ngx_http_lua_ssl_ctx_t *cctx;
++
++    if (r->connection == NULL || r->connection->ssl == NULL) {
++        *err = "bad request";
++        return NGX_ERROR;
++    }
++
++    ssl_conn = r->connection->ssl->connection;
++    if (ssl_conn == NULL) {
++        *err = "bad ssl conn";
++        return NGX_ERROR;
++    }
++
++    cctx = ngx_http_lua_ssl_get_ctx(ssl_conn);
++    if (cctx == NULL) {
++        *err = "bad lua context";
++        return NGX_ERROR;
++    }
++
++    cctx->disable_http2 = 1;
++
++    return NGX_OK;
++}
++
+ #endif /* NGX_HTTP_SSL */