refactor(*): remove alpn code (not needed anymore)

.github/workflows/tests.yml

@@ -5,7 +5,7 @@ on:
   push:
 
 env:
-  KONG_VERSION: master
+  KONG_VERSION: refactor/patches-h2-alpn-removal
   BUILD_ROOT: ${{ github.workspace }}/kong/bazel-bin/build
 
 concurrency:

LICENSE

@@ -187,7 +187,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2016-2020 Kong Inc.
+   Copyright 2016-2025 Kong Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

README.md

@@ -446,21 +446,6 @@ describing the error will be returned.
 
 [Back to TOC](#table-of-contents)
 
-resty.kong.tls.disable\_http2\_alpn
-----------------------------------------------------
-**syntax:** *ok, err = resty.kong.tls.disable\_http2\_alpn()*
-
-**context:** *client_hello_by_lua*
-
-**subsystems:** *http*
-
-Disables HTTP/2 ALPN negotiation for the current TLS connection. When called, the
-connection will not negotiate HTTP/2 using ALPN and will fallback to HTTP/1.1 even though [`http2`](https://nginx.org/en/docs/http/ngx_http_v2_module.html#http2) directive is enabled.
-
-This function returns `true` when the call is successful. Otherwise it returns `false` and a string describing the error.
-
-[Back to TOC](#table-of-contents)
-
 resty.kong.grpc.set\_authority
 ------------------------------
 **syntax:** *ok, err = resty.kong.grpc.set_authority(new_authority)*
@@ -630,7 +615,7 @@ License
 =======
 
 ```
-Copyright 2020-2023 Kong Inc.
+Copyright 2020-2025 Kong Inc.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

lualib/resty/kong/grpc.lua

@@ -1,4 +1,4 @@
--- Copyright 2019-2020 Kong Inc.
+-- Copyright 2019-2025 Kong Inc.
 
 -- Licensed under the Apache License, Version 2.0 (the "License");
 -- you may not use this file except in compliance with the License.

lualib/resty/kong/log.lua

@@ -1,4 +1,4 @@
--- Copyright 2019-2022 Kong Inc.
+-- Copyright 2019-2025 Kong Inc.
 
 -- Licensed under the Apache License, Version 2.0 (the "License");
 -- you may not use this file except in compliance with the License.

lualib/resty/kong/tls.lua

@@ -1,4 +1,4 @@
--- Copyright 2019-2020 Kong Inc.
+-- Copyright 2019-2025 Kong Inc.
 
 -- Licensed under the Apache License, Version 2.0 (the "License");
 -- you may not use this file except in compliance with the License.
@@ -32,8 +32,6 @@ local get_string_buf = base.get_string_buf
 local size_ptr = base.get_size_ptr()
 local orig_get_request = base.get_request
 local subsystem = ngx.config.subsystem
-local errmsg = base.get_errmsg_ptr()
-local FFI_OK = base.FFI_OK
 base.allows_subsystem('http', 'stream')
 
 local kong_lua_kong_ffi_get_full_client_certificate_chain
@@ -46,7 +44,6 @@ local kong_lua_kong_ffi_set_upstream_ssl_sans_dnsnames
 local kong_lua_kong_ffi_set_upstream_ssl_sans_uris
 local kong_lua_kong_ffi_get_socket_ssl
 local kong_lua_kong_ffi_get_request_ssl
-local kong_lua_kong_ffi_disable_http2_alpn
 if subsystem == "http" then
     ffi.cdef([[
     typedef struct ssl_st SSL;
@@ -71,7 +68,6 @@ if subsystem == "http" then
         void **ssl_conn);
     int ngx_http_lua_kong_ffi_get_request_ssl(ngx_http_request_t *r,
         void **ssl_conn);
-    int ngx_http_lua_ffi_disable_http2_alpn(ngx_http_request_t *r, char **err);
     ]])
 
     kong_lua_kong_ffi_get_full_client_certificate_chain = C.ngx_http_lua_kong_ffi_get_full_client_certificate_chain
@@ -84,7 +80,6 @@ if subsystem == "http" then
     kong_lua_kong_ffi_set_upstream_ssl_sans_uris = C.ngx_http_lua_kong_ffi_set_upstream_ssl_sans_uris
     kong_lua_kong_ffi_get_socket_ssl = C.ngx_http_lua_kong_ffi_get_socket_ssl
     kong_lua_kong_ffi_get_request_ssl = C.ngx_http_lua_kong_ffi_get_request_ssl
-    kong_lua_kong_ffi_disable_http2_alpn = C.ngx_http_lua_ffi_disable_http2_alpn
 
 elseif subsystem == 'stream' then
     ffi.cdef([[
@@ -410,24 +405,6 @@ do
 
         error("unknown return code: " .. tostring(ret))
     end
-
-    function _M.disable_http2_alpn()
-        if get_phase() ~= "ssl_client_hello" then
-            error("API disabled in the current context")
-        end
-
-        local r = get_request()
-        if not r then
-            error("no request found")
-        end
-
-        local rc = kong_lua_kong_ffi_disable_http2_alpn(r, errmsg)
-        if rc == FFI_OK then
-            return true
-        end
-
-        return false, ffi_string(errmsg[0])
-    end
 end
 
 if ngx.config.subsystem == "stream" then

lualib/resty/kong/upstream.lua

@@ -1,4 +1,4 @@
--- Copyright 2019-2022 Kong Inc.
+-- Copyright 2019-2025 Kong Inc.
 
 -- Licensed under the Apache License, Version 2.0 (the "License");
 -- you may not use this file except in compliance with the License.

src/ngx_http_lua_kong_common.h

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019-2022 Kong Inc.
+ * Copyright 2019-2025 Kong Inc.
 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/ngx_http_lua_kong_directive.h

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019-2022 Kong Inc.
+ * Copyright 2019-2025 Kong Inc.
 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/ngx_http_lua_kong_grpc.c

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019-2022 Kong Inc.
+ * Copyright 2019-2025 Kong Inc.
 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -62,5 +62,3 @@ ngx_http_lua_kong_set_grpc_authority(ngx_http_request_t *r,
         *host = ctx->grpc_authority;
     }
 }
-
-

src/ngx_http_lua_kong_log.c

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019-2022 Kong Inc.
+ * Copyright 2019-2025 Kong Inc.
 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/ngx_http_lua_kong_log_handler.c

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019-2023 Kong Inc.
+ * Copyright 2019-2025 Kong Inc.
 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -143,5 +143,3 @@ ngx_http_lua_kong_error_log_request_id(ngx_conf_t *cf, ngx_command_t *cmd, void
 
     return NGX_CONF_OK;
 }
-
-

src/ngx_http_lua_kong_module.c

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019-2022 Kong Inc.
+ * Copyright 2019-2025 Kong Inc.
 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -200,4 +200,4 @@ ngx_http_lua_ffi_set_next_upstream(ngx_http_request_t *r, ngx_uint_t next_upstre
 
     ctx->next_upstream = next_upstream;
     return NGX_OK;
-}
+}

src/ngx_http_lua_kong_module.h

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019-2022 Kong Inc.
+ * Copyright 2019-2025 Kong Inc.
 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -36,10 +36,6 @@ ngx_flag_t
 ngx_http_lua_kong_get_upstream_ssl_verify(ngx_http_request_t *r,
     ngx_flag_t proxy_ssl_verify);
 
-ngx_flag_t
-ngx_http_lua_kong_ssl_get_http2_alpn_enabled(ngx_ssl_connection_t *ssl,
-    ngx_flag_t enable_http2);
-
 ngx_flag_t
 ngx_http_lua_kong_get_next_upstream_mask(ngx_http_request_t *r,
     ngx_flag_t upstream_next);

src/ngx_http_lua_kong_ssl.c

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019-2022 Kong Inc.
+ * Copyright 2019-2025 Kong Inc.
 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,8 +17,6 @@
 
 #include "ngx_http_lua_kong_common.h"
 #include "ngx_http_lua_socket_tcp.h"
-#include "ngx_http_lua_ssl.h"
-#include "ngx_http_lua_util.h"
 
 /*
  * disables session reuse for the current TLS connection, must be called
@@ -199,50 +197,6 @@ ngx_http_lua_kong_get_upstream_ssl_verify(ngx_http_request_t *r,
     return ngx_lua_kong_ssl_get_upstream_ssl_verify(&ctx->ssl_ctx, proxy_ssl_verify);
 }
 
-ngx_flag_t
-ngx_http_lua_kong_ssl_get_http2_alpn_enabled(ngx_ssl_connection_t *ssl,
-    ngx_flag_t enable_http2)
-{
-    ngx_http_lua_ssl_ctx_t *cctx;
-
-    cctx = ngx_http_lua_ssl_get_ctx(ssl->connection);
-    if (cctx && cctx->disable_http2_alpn) {
-        return 0;
-    }
-
-    return enable_http2;
-}
-
-int
-ngx_http_lua_ffi_disable_http2_alpn(ngx_http_request_t *r, char **err)
-{
-    ngx_ssl_conn_t    *ssl_conn;
-    ngx_http_lua_ssl_ctx_t *cctx;
-
-    if (r->connection == NULL || r->connection->ssl == NULL) {
-        *err = "bad request";
-        return NGX_ERROR;
-    }
-
-    ssl_conn = r->connection->ssl->connection;
-    if (ssl_conn == NULL) {
-        *err = "bad ssl conn";
-        return NGX_ERROR;
-    }
-
-    cctx = ngx_http_lua_ssl_get_ctx(ssl_conn);
-    if (cctx == NULL) {
-        *err = "bad lua context";
-        return NGX_ERROR;
-    }
-    ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
-                  "lua ssl disable http2");
-    cctx->disable_http2_alpn = 1;
-
-    return NGX_OK;
-}
-
-
 int
 ngx_http_lua_kong_ffi_set_upstream_ssl_sans_dnsnames(ngx_http_request_t *r,
     const char *input, size_t input_len)
@@ -330,5 +284,3 @@ ngx_http_lua_kong_ssl_get_upstream_ssl_sans_uris(ngx_http_request_t *r)
 }
 
 #endif
-
-

src/ngx_http_lua_kong_ssl.h

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019-2022 Kong Inc.
+ * Copyright 2019-2025 Kong Inc.
 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/ngx_http_lua_kong_tag.c

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019-2022 Kong Inc.
+ * Copyright 2019-2025 Kong Inc.
 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,5 +27,3 @@ ngx_http_lua_kong_ffi_get_static_tag(ngx_http_request_t *r)
 
     return &lcf->tag;
 }
-
-

src/ngx_http_lua_kong_var_index.c

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019-2022 Kong Inc.
+ * Copyright 2019-2025 Kong Inc.
 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -333,5 +333,3 @@ ngx_http_lua_kong_ffi_var_set_by_index(ngx_http_request_t *r, ngx_uint_t index,
     *err = "no memory";
     return NGX_ERROR;
 }
-
-

src/ngx_http_lua_kong_vars.c

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019-2023 Kong Inc.
+ * Copyright 2019-2025 Kong Inc.
 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/ssl/ngx_lua_kong_ssl.c

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019-2022 Kong Inc.
+ * Copyright 2019-2025 Kong Inc.
 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/ssl/ngx_lua_kong_ssl.h

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019-2022 Kong Inc.
+ * Copyright 2019-2025 Kong Inc.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at

stream/src/ngx_stream_lua_kong_module.c

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019-2020 Kong Inc.
+ * Copyright 2019-2025 Kong Inc.
 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.