author | Phus Lu <phus.lu@gmail.com> | 2021-10-25 18:47:00 +0800 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-02-03 13:45:41 +0100 |
commit | 13a53fbf13bc6fa09c95ad4bdc6ec70fa15aa16d (patch) | |
tree | 34c712b39eae57857d9b3b60abd7d8f59c9cdca5 /doc/man3/SSL_CTX_set_client_hello_cb.pod | |
parent | 27aca04e13ca8a9bead49de7bc380110ecb7064e (diff) |
add SSL_get0_iana_groups() & SSL_client_hello_get_extension_order()
The function/macro allow the user to get groups/extensions without memory allocations.
So we could calculate the SSL fingerprint (JA3) at low cost.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16910)
Diffstat (limited to 'doc/man3/SSL_CTX_set_client_hello_cb.pod')
-rw-r--r-- | doc/man3/SSL_CTX_set_client_hello_cb.pod | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/doc/man3/SSL_CTX_set_client_hello_cb.pod b/doc/man3/SSL_CTX_set_client_hello_cb.pod index f324647abc..dc882a12e6 100644 --- a/doc/man3/SSL_CTX_set_client_hello_cb.pod +++ b/doc/man3/SSL_CTX_set_client_hello_cb.pod @@ -2,7 +2,7 @@ =head1 NAME -SSL_CTX_set_client_hello_cb, SSL_client_hello_cb_fn, SSL_client_hello_isv2, SSL_client_hello_get0_legacy_version, SSL_client_hello_get0_random, SSL_client_hello_get0_session_id, SSL_client_hello_get0_ciphers, SSL_client_hello_get0_compression_methods, SSL_client_hello_get1_extensions_present, SSL_client_hello_get0_ext - callback functions for early server-side ClientHello processing +SSL_CTX_set_client_hello_cb, SSL_client_hello_cb_fn, SSL_client_hello_isv2, SSL_client_hello_get0_legacy_version, SSL_client_hello_get0_random, SSL_client_hello_get0_session_id, SSL_client_hello_get0_ciphers, SSL_client_hello_get0_compression_methods, SSL_client_hello_get1_extensions_present, SSL_client_hello_get_extension_order, SSL_client_hello_get0_ext - callback functions for early server-side ClientHello processing =head1 SYNOPSIS @@ -18,6 +18,8 @@ SSL_CTX_set_client_hello_cb, SSL_client_hello_cb_fn, SSL_client_hello_isv2, SSL_ const unsigned char **out); int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen); + int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts, + size_t *num_exts); int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out, size_t *outlen); 
@@ -68,6 +70,20 @@ in the ClientHello. B<*outlen> contains the number of elements in the array. In situations when the ClientHello has no extensions, the function will return success with B<*out> set to NULL and B<*outlen> set to 0. +SSL_client_hello_get_extension_order() is similar to +SSL_client_hello_get1_extensions_present(), without internal memory allocation. +When called with B<exts> set to NULL, returns the number of extensions +(e.g., to allocate storage for a subsequent call). Otherwise, B<*exts> is populated +with the ExtensionType values in the order that the corresponding extensions +appeared in the ClientHello. B<*num_exts> is an input/output parameter, used +as input to supply the size of storage allocated by the caller, and as output to +indicate how many ExtensionType values were written. If the input B<*num_exts> +is smaller then the number of extensions in question, that is treated as an error. +A subsequent call with B<exts> set to NULL can retrieve the size of storage needed. +A ClientHello that contained no extensions is treated as success, with B<*num_exts> +set to 0. + + =head1 NOTES The ClientHello callback provides a vast window of possibilities for application @@ -107,6 +123,8 @@ SSL_client_hello_get0_ext() returns 1 if the extension of type 'type' is present SSL_client_hello_get1_extensions_present() returns 1 on success and 0 on failure. +SSL_client_hello_get_extension_order() returns 1 on success and 0 on failure. + =head1 SEE ALSO L<ssl(7)>, L<SSL_CTX_set_tlsext_servername_callback(3)>, @@ -119,6 +137,8 @@ SSL_client_hello_get0_random(), SSL_client_hello_get0_session_id(), SSL_client_hello_get0_ciphers(), SSL_client_hello_get0_compression_methods(), SSL_client_hello_get0_ext(), and SSL_client_hello_get1_extensions_present() were added in OpenSSL 1.1.1. +SSL_client_hello_get_extension_order() +was added in OpenSSL 3.1.0. =head1 COPYRIGHT |
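Review bot: In the DESCRIPTION hunk (@@ -68,6 +70,20 @@), "When called with B<exts> set to NULL, returns the number of extensions" reads as if the count were the function's return value, which contradicts the RETURN VALUES line added later in this patch ("returns 1 on success and 0 on failure"). Please say explicitly through which parameter the count is delivered in the NULL case; given the prototype, B<*num_exts> is the only candidate, so something like "the number of extensions is stored in B<*num_exts>" would remove the ambiguity. In the same paragraph, "B<*exts> is populated" should probably be "the array pointed to by B<exts> is populated", since B<exts> is a uint16_t pointer and B<*exts> is only its first element. There is also a typo, "smaller then" should be "smaller than", and the hunk adds two blank lines before "=head1 NOTES" where one matches the rest of the file.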
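Review bot: The RETURN VALUES line added in the @@ -107,6 +123,8 @@ hunk does not say what a caller can rely on after a 0 return. The DESCRIPTION text treats a too-small B<*num_exts> as an error and tells the caller to make "a subsequent call with B<exts> set to NULL" to learn the required size, which implies B<*num_exts> is not updated with the needed count on failure, but that is never stated. Callers sizing a fixed buffer inside the ClientHello callback (the fingerprinting use case in the commit message) need to know whether B<exts> and B<*num_exts> are left untouched or undefined in that case, so please document the state of both outputs on failure, either here or in the DESCRIPTION paragraph.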