MINOR: ssl: Store hash of the SNI for cached TLS sessions

For cached TLS sessions, in addition to the SNI itself, its hash is now also saved. No changes are expected here because this hash is not used for now. This commit relies on: * MINOR: ssl: Add a function to hash SNIs
2025-12-14 14:11:00 +01:00 · 2025-12-05 10:37:27 +01:00 · 2025-12-05 10:37:27 +01:00 · 9794585204
commit 9794585204
parent d993e1eeae
2 changed files with 6 additions and 1 deletions
--- a/include/haproxy/server-t.h
+++ b/include/haproxy/server-t.h
@ -485,6 +485,7 @@ struct server {
 			unsigned char *ptr;
 			int size;
 			int allocated_size;
+			uint64_t sni_hash; /* Hash of the SNI used for the session */
 			char *sni; /* SNI used for the session */
 			__decl_thread(HA_RWLOCK_T sess_lock);
 		} * reused_sess;
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -4250,12 +4250,16 @@ static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
 			/* if the new sni is empty or isn' t the same as the old one */
 			if ((!sni) || strcmp(s->ssl_ctx.reused_sess[tid].sni, sni) != 0) {
 				ha_free(&s->ssl_ctx.reused_sess[tid].sni);
-				if (sni)
+				s->ssl_ctx.reused_sess[tid].sni_hash = 0;
+				if (sni) {
 					s->ssl_ctx.reused_sess[tid].sni = strdup(sni);
+					s->ssl_ctx.reused_sess[tid].sni_hash = ssl_sock_sni_hash(ist(sni));
+				}
 			}
 		} else if (sni) {
 			/* if there wasn't an old sni but there is a new one */
 			s->ssl_ctx.reused_sess[tid].sni = strdup(sni);
+			s->ssl_ctx.reused_sess[tid].sni_hash = ssl_sock_sni_hash(ist(sni));
 		}
 #ifdef USE_QUIC
 		/* The selected ALPN is not stored without SSL session. */