maskit commented on PR #12393: URL: https://github.com/apache/trafficserver/pull/12393#issuecomment-3130211363
It doesn't seem like we need to add a new variable to record a group name. Although both OpenSSL and BoringSSL have different APIs for curve and group, the getters are actually just aliases unlike the setters. We should be able to use the same variable for both curve and group. `TLSBasicSupport::get_tls_group` which was added by https://github.com/apache/trafficserver/pull/12261 is probably unnecessary. I don't know why the previous code doesn't work for group, but the function to get curve/group id is identical. ``` $ git grep SSL_get_shared_curve include/ include/openssl/ssl.h.in:# define SSL_get_shared_curve SSL_get_shared_group ``` Also, `SSL_get0_group_name` is only available on OpenSSL 3.2 or later. I see the `ifdef` and `get_tls_group` probably returns `nullptr` on OpenSSL 3.0, but I'd be surprised if there's no way to achieve it on 3.0. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
