bneradt commented on code in PR #12914: URL: https://github.com/apache/trafficserver/pull/12914#discussion_r2880986806
########## include/ts/ts.h: ########## @@ -1334,6 +1334,52 @@ int TSVConnIsSsl(TSVConn sslp); int TSVConnProvidedSslCert(TSVConn sslp); const char *TSVConnSslSniGet(TSVConn sslp, int *length); +/** + Retrieve TLS Client Hello information from an SSL virtual connection. + + This function extracts TLS Client Hello data from a TLS handshake. + The returned object provides access to version, cipher suites, and extensions + in a way that is portable across both BoringSSL and OpenSSL implementations. + + IMPORTANT: This function must be called during the TS_SSL_CLIENT_HELLO_HOOK. + The underlying SSL context may not be available at other hooks, particularly + for BoringSSL where the SSL_CLIENT_HELLO structure is only valid during + specific callback functions. Calling this function outside of the client + hello hook may result in unavailable object being returned. + + @param sslp The SSL virtual connection handle. Must not be nullptr. Review Comment: `@param[in]` please ########## include/ts/ts.h: ########## 
@@ -1334,6 +1334,52 @@ int TSVConnIsSsl(TSVConn sslp); int TSVConnProvidedSslCert(TSVConn sslp); const char *TSVConnSslSniGet(TSVConn sslp, int *length); +/** + Retrieve TLS Client Hello information from an SSL virtual connection. + + This function extracts TLS Client Hello data from a TLS handshake. + The returned object provides access to version, cipher suites, and extensions + in a way that is portable across both BoringSSL and OpenSSL implementations. + + IMPORTANT: This function must be called during the TS_SSL_CLIENT_HELLO_HOOK. + The underlying SSL context may not be available at other hooks, particularly + for BoringSSL where the SSL_CLIENT_HELLO structure is only valid during + specific callback functions. Calling this function outside of the client + hello hook may result in unavailable object being returned. + + @param sslp The SSL virtual connection handle. Must not be nullptr. + @return A TSClientHello object containing Client Hello data. + + @see TSClientHelloExtensionGet + */ +TSClientHello TSVConnClientHelloGet(TSVConn sslp); + +/** + Retrieve a specific TLS extension from the Client Hello. + + This function looks up a TLS extension by its type (e.g., 0x10 for ALPN, + 0x00 for SNI) and returns a pointer to its data. The lookup is performed + using SSL library-specific functions that work with both BoringSSL and + OpenSSL without requiring conditional compilation in the plugin. + + The returned buffer is still owned by the underlying SSL context and must + not be freed by the caller. The buffer is valid only in the condition where + you can get a TSClientHello object from an SSL virtual connection. + + @param ch The Client Hello object obtained from TSVConnClientHelloGet(). + @param type The TLS extension type to retrieve. + @param out Pointer to receive the extension data buffer. Must not be nullptr. + @param outlen Pointer to receive the length of the extension data in bytes. Review Comment: `[in]`, `[in]`, `[out]`, `[out]` please. 
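Review bot: In the TSVConnClientHelloGet comment, the IMPORTANT paragraph says a call outside TS_SSL_CLIENT_HELLO_HOOK "may result in unavailable object being returned", but the `@return` line only describes the success case. A plugin author cannot tell from this text how to detect the unavailable case before reading version, cipher suite, or extension data from the result. Please state in `@return` what comes back when the Client Hello is not available and how the caller should test for it, and reword the sentence to "an unavailable object". The `sslp` line says "Must not be nullptr" without saying what happens if it is; one clause on that would help.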
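Review bot: In the TSClientHelloExtensionGet comment, the lifetime sentence "The buffer is valid only in the condition where you can get a TSClientHello object from an SSL virtual connection" is too vague for a pointer that stays owned by the SSL context. Since the comment above ties TSVConnClientHelloGet to TS_SSL_CLIENT_HELLO_HOOK, say directly that the buffer must not be used after that hook returns and that a plugin needing the bytes later must copy them. Also, `@param out` carries "Must not be nullptr" but `@param outlen` does not; make the two consistent. The visible part of the comment does not say what `out` and `outlen` hold when the requested extension type is absent from the Client Hello, which is worth documenting alongside the return value.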
-- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
