bneradt commented on code in PR #12628:
URL: https://github.com/apache/trafficserver/pull/12628#discussion_r2482832151
##########
src/iocore/net/SSLStats.cc:
##########
@@ -328,9 +329,37 @@ SSLInitializeStatistics()
for (const char *name : group_list) {
add_group_stat<std::string>(name, name);
}
-#elif defined(SSL_get_negotiated_group)
+#elif HAVE_SSL_CTX_GET0_IMPLEMENTED_GROUPS
+ // Use SSL_CTX_get0_implemented_groups to discover all supported groups.
+ // This handles KEMs which don't have standard NIDs defined.
+ {
+ SSLMultiCertConfigLoader loader(nullptr);
+ SSL_CTX *ctx = loader.default_server_ssl_ctx();
+ SSL *ssl = SSL_new(ctx);
+
+ // Get the list of implemented groups (all=1 for all implemented groups)
+ const int *groups = nullptr;
+ int num_groups = SSL_CTX_ctrl(ctx, 139 /*
SSL_CTRL_GET0_IMPLEMENTED_GROUPS */, 1, (void *)&groups);
Review Comment:
Thank you. That's good confirmation. I independently implemented that before
seeing this (see the updated patch - it's pretty identical). Sadly, the call
simply hangs at the time that it is called. I'll try to see whether I can find
a later stage in the code where it can be called.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
