Re: [PR] TLS curve/group name logging for Ticket Resumption [trafficserver]

via GitHub Tue, 29 Jul 2025 13:50:56 -0700


bneradt commented on PR #12393:
URL: https://github.com/apache/trafficserver/pull/12393#issuecomment-3134036901


   
   > Also, `SSL_get0_group_name` is only available on OpenSSL 3.2 or later. I 
see the `ifdef` and `get_tls_group` probably returns `nullptr` on OpenSSL 3.0, 
but I'd be surprised if there's no way to achieve it on 3.0.
   
   This is a great point. I updated the patch for openssl 3.0 and 3.1 via 
SSL_get_negotiated_group. Since 3.2, the docs say to prefer the new 
SSL_get0_group_name, but for 3.0 and 3.1 we can use the former. See:
   
   ```cpp
   #elif HAVE_SSL_GET_NEGOTIATED_GROUP                    // OpenSSL 3.0/3.1
     int group_nid = SSL_get_negotiated_group(ssl);
     if (group_nid != NID_undef) {
       char const *group_name = OBJ_nid2sn(group_nid);
       return group_name != nullptr ? std::string_view(group_name) : "";
     }
     return "";
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Re: [PR] TLS curve/group name logging for Ticket Resumption [trafficserver]

Reply via email to