bneradt commented on code in PR #12628:
URL: https://github.com/apache/trafficserver/pull/12628#discussion_r2482932916
##########
src/iocore/net/SSLStats.cc:
##########
@@ -328,9 +329,37 @@ SSLInitializeStatistics()
for (const char *name : group_list) {
add_group_stat<std::string>(name, name);
}
-#elif defined(SSL_get_negotiated_group)
+#elif HAVE_SSL_CTX_GET0_IMPLEMENTED_GROUPS
+ // Use SSL_CTX_get0_implemented_groups to discover all supported groups.
+ // This handles KEMs which don't have standard NIDs defined.
+ {
+ SSLMultiCertConfigLoader loader(nullptr);
+ SSL_CTX *ctx = loader.default_server_ssl_ctx();
+ SSL *ssl = SSL_new(ctx);
+
+ // Get the list of implemented groups (all=1 for all implemented groups)
+ const int *groups = nullptr;
+ int num_groups = SSL_CTX_ctrl(ctx, 139 /*
SSL_CTRL_GET0_IMPLEMENTED_GROUPS */, 1, (void *)&groups);
Review Comment:
I've reworked it now to use the SSL_CTX from
`SSLCertificateConfig::scoped_config lookup;`. That seems to resolve the
hanging problem.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
