mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2026-01-15 13:51:00 +01:00
23f5cbb411
This patch adds functions to expose Encrypted Client Hello (ECH) status and outer SNI information for logging and sample fetching. Two new helper functions are introduced in ech.c: - conn_get_ech_status() places the ECH processing status string into a buffer. - conn_get_ech_outer_sni() retrieves the outer SNI value if ECH succeeded. Two new sample fetch keywords are added: - "ssl_fc_ech_status" returns the ECH status string. - "ssl_fc_ech_outer_sni" returns the outer SNI value seen during ECH. These allow ECH information to be used in HAProxy logs, ACLs, and captures.
14 lines
392 B
C
14 lines
392 B
C
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
|
#ifndef _HAPROXY_ECH_H
|
|
# define _HAPROXY_ECH_H
|
|
#ifdef USE_ECH
|
|
|
|
#include <openssl/ech.h>
|
|
|
|
int load_echkeys(SSL_CTX *ctx, char *dirname, int *loaded);
|
|
int conn_get_ech_status(struct connection *conn, struct buffer *buf);
|
|
int conn_get_ech_outer_sni(struct connection *conn, struct buffer *buf);
|
|
|
|
# endif /* USE_ECH */
|
|
#endif /* _HAPROXY_ECH_H */
|