Hi Alexey,

On 10/16/18 2:17 PM, Alexey Elymanov wrote:
> I would like to propose a little patch, based on current ssl_capture
> (ssl_sock.c) scheme.
> Purpose is to be able to sample/fetch TLS extensions, it could be useful for
> debugging or fingerprinting purposes (for example, cURL and Firefox provide
> different sets of extensions in ClientHello message).
>
> It provides two hooks, which should be enough for further Lua
> processing/request forwarding/analysis: smp_fetch_ssl_fc_exts_bin,
> smp_fetch_ssl_fc_exts_hex
>
I would like to have Thierry's opinion on this. I don't know why he did those fetches like this, perhaps converters are not yet available in Lua, in this case it's a point to address because we won't duplicate all fetches just for Lua.

Anyway, I have some notes about your patch:

--- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -271,6 +271,8 @@ struct ssl_capture { unsigned long long int xxh64; unsigned char ciphersuite_len; char ciphersuite[0]; + unsigned char extensions_len; + char extensions[0]; };

Here, setting a ciphersuite, you will scratch extensions_len with an unpredictable value, resulting in an out-of-bounds buffer read when reading the extensions (take care of [0]). It also disallows using ciphersuite and extensions capture at the same time.

I also notice a lot of indent issues in your patch.

R,
Emeric

PS: CCing Thierry for his opinion.
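
Review bot: In the struct ssl_capture hunk, the two added members come after the zero-length array char ciphersuite[0], so extensions_len sits at the same offset as the first captured ciphersuite byte and is overwritten whenever a ciphersuite is stored; a length read back from there can then drive a read past the allocation. Keep a single variable-length member as the last field: declare extensions_len next to ciphersuite_len and store the extension bytes after the ciphersuite bytes in the one trailing buffer, sizing the allocation for both. Also, unsigned char extensions_len holds at most 255 while the ClientHello extensions block carries a 16-bit length, so the capture code needs a wider type or an explicit clamp.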
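
The overlap described in the reply above, as an added example that is not code from the patch or from HAProxy. `struct capture_patched` copies the fields visible in the hunk; `struct capture_fixed`, both function names and the sample bytes are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Layout from the quoted hunk. [0] is a GNU C zero-length array: no storage. */
struct capture_patched {
    unsigned long long int xxh64;
    unsigned char ciphersuite_len;
    char ciphersuite[0];
    unsigned char extensions_len;
    char extensions[0];
};

/* Hypothetical alternative: both lengths first, then one trailing buffer. */
struct capture_fixed {
    unsigned long long int xxh64;
    unsigned char ciphersuite_len;
    unsigned char extensions_len;
    char data[];   /* cipher suites, followed by the extensions */
};

/* Constructed sample: two cipher suite ids as they appear on the wire. */
static const unsigned char sample_cs[] = { 0xc0, 0x2f, 0xc0, 0x30 };

/* Writes the cipher suites where the patched layout puts them and returns
 * what extensions_len reads afterwards (it was zeroed by calloc). */
unsigned char patched_extensions_len_after_copy(void)
{
    unsigned char *raw = calloc(1, sizeof(struct capture_patched) + sizeof(sample_cs));
    unsigned char seen;
    if (!raw) return 0;
    memcpy(raw + offsetof(struct capture_patched, ciphersuite), sample_cs, sizeof(sample_cs));
    seen = raw[offsetof(struct capture_patched, extensions_len)];
    free(raw);
    return seen;
}

/* Same copy into the alternative layout: extensions_len keeps its value. */
unsigned char fixed_extensions_len_after_copy(void)
{
    struct capture_fixed *c = calloc(1, sizeof(*c) + sizeof(sample_cs));
    unsigned char seen;
    if (!c) return 0xff;
    c->ciphersuite_len = sizeof(sample_cs);
    memcpy(c->data, sample_cs, c->ciphersuite_len);
    seen = c->extensions_len;
    free(c);
    return seen;
}
```

In the patched layout the first cipher suite byte (0xc0 here) becomes the extensions length, so a later read of the extensions would cover 192 bytes that were never captured.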