Re: [PATCH] MINOR: acl: add support for TLS ALPN matching

2019-01-01 Thread Willy Tarreau
On Mon, Dec 31, 2018 at 08:36:01PM -0500, Alex Zorin wrote: > On Tue, Jan 1, 2019, at 12:32 AM, Willy Tarreau wrote: > > You're welcome. I was about to apply it until I figured that a doc update > > is missing. Please add an entry to configuration.txt for this new keyword > > (and take care of resp

Re: [PATCH] MINOR: acl: add support for TLS ALPN matching

2018-12-31 Thread Alex Zorin
On Tue, Jan 1, 2019, at 12:32 AM, Willy Tarreau wrote: > You're welcome. I was about to apply it until I figured that a doc update > is missing. Please add an entry to configuration.txt for this new keyword > (and take care of respecting the alphabetical order). Okay, updated the docs. On reflec

Re: [PATCH] MINOR: acl: add support for TLS ALPN matching

2018-12-31 Thread Willy Tarreau
On Mon, Dec 31, 2018 at 06:23:59AM -0500, Alex Zorin wrote: > Thanks for the generous review and pointers - that does sound much better and > appears to work well for the ClientHellos I have tried. Sorry for not posting > this as RFC. You're welcome. I was about to apply it until I figured that a

Re: [PATCH] MINOR: acl: add support for TLS ALPN matching

2018-12-31 Thread Alex Zorin
: [PATCH] MINOR: acl: add support for TLS ALPN matching Date: Monday, December 31, 2018 8:37 PM I'm seeing that you extract only the first protocol name, and since with ALPN it is possible to advertise a series of names, I think it would make sense to be able to return each of them iteratively. We al

Re: [PATCH] MINOR: acl: add support for TLS ALPN matching

2018-12-31 Thread Willy Tarreau
Hello Alex, On Sat, Dec 29, 2018 at 10:22:05PM -0500, Alex Zorin wrote: > >From 59c8e558d1e46dc20bfffc683f8c89e06b0dbaef Mon Sep 17 00:00:00 2001 > From: Alex Zorin > Date: Sun, 30 Dec 2018 13:56:28 +1100 > Subject: [PATCH] MINOR: acl: add support for TLS ALPN matching > &

Re: [PATCH] MINOR: acl: add support for TLS ALPN matching

2018-12-29 Thread Alex Zorin
:00:00 2001 From: Alex Zorin Date: Sun, 30 Dec 2018 13:56:28 +1100 Subject: [PATCH] MINOR: acl: add support for TLS ALPN matching Application-Layer Protocol Negotiation (ALPN, RFC7301) is a TLS extension which allows a client to present the name of the protocol it is connecting to, when a single po

[PATCH] MINOR: acl: add support for TLS ALPN matching

2018-12-29 Thread Alex Zorin
Hello, The attached patch adds acl support for the TLS ALPN extension (RFC7301) extension via "req.ssl_alpn", in a similar vein to "req.ssl_sni". It is useful for pass-thru of TLS connections in scenarios like ACME's tls-alpn-01. Thank you Alex>From 8008e5e8f23747741ed005f56c247bcd366cfda9 Mo