openssl/openssl

RFE: make SSL_get_servername work early in ClientHello callback

Open

#23.326 aberto em 17 de jan. de 2024

Ver no GitHub
 (6 comments) (0 reactions) (0 assignees)C (11.262 forks)batch import
branch: masterhelp wantedtriaged: feature

Métricas do repositório

Stars
 (30.157 stars)
Métricas de merge de PR
 (Nenhuma PRs mesclada em 30d)

Description

SNI is the most common reason for the use of ClientHello callback and requires manually parsing as SSL_get_servername cannot be used.

BoringSSL has refactored this portion so that SSL_get_servername can be used at this early stage: gotta love this description from @davidben — “SNI is the most common reason to use the ClientHello callback and the extension is a little goofy to parse”

See discussion here: https://github.com/openssl/openssl/discussions/23303

Guia do colaborador