Posted to dev@trafficserver.apache.org by Dk Jack <dn...@gmail.com> on 2016/04/08 04:49:13 UTC

ssl

Hi,
Is there a way to get access to ssl handshake data in a plugin? I see
there's an SNI plugin. I am looking for some data from client hello, ssl
hello extensions etc...

Bhasker.

Re: ssl

Posted by Dnj <dn...@gmail.com>.
Thanks Susan, I'll check that out. 

> On Apr 13, 2016, at 6:35 AM, Susan Hinrichs <sh...@network-geographics.com> wrote:
> 
> I'm assuming you are referring to the handshake between ATS and the user agent.  You can set a callback before the server certificate is selected.
> 
> TSHttpHookAdd(TS_SSL_CERT_HOOK, cb_cert);
> 
> There are several example plugins and the basic elements are documented in the API docs.  Here is the original design document. http://network-geographics.com/ats/docs/ssl-api.en.html  I think a couple of the constant names changed by the time it got committed, but this gives a good overview.  It also points at the examples.
> 
> From the plugin callback you can cast the TS SSL object to an openssl SSL object and make all your normal openssl calls.  You'll need to do some experiments to see if what you want is available through the openssl API at that point in the handshake.
> 
>> On 4/7/2016 9:49 PM, Dk Jack wrote:
>> Hi,
>> Is there a way to get access to ssl handshake data in a plugin? I see
>> there's an SNI plugin. I am looking for some data from client hello, ssl
>> hello extensions etc...
>> 
>> Bhasker.
> 

Re: ssl

Posted by Susan Hinrichs <sh...@network-geographics.com>.
I'm assuming you are referring to the handshake between ATS and the user 
agent.  You can set a callback before the server certificate is selected.

TSHttpHookAdd(TS_SSL_CERT_HOOK, cb_cert);

There are several example plugins and the basic elements are documented 
in the API docs.  Here is the original design document. 
http://network-geographics.com/ats/docs/ssl-api.en.html  I think a 
couple of the constant names changed by the time it got committed, but 
this gives a good overview.  It also points at the examples.

From the plugin callback you can cast the TS SSL object to an openssl 
SSL object and make all your normal openssl calls.  You'll need to do 
some experiments to see if what you want is available through the 
openssl API at that point in the handshake.

On 4/7/2016 9:49 PM, Dk Jack wrote:
> Hi,
> Is there a way to get access to ssl handshake data in a plugin? I see
> there's an SNI plugin. I am looking for some data from client hello, ssl
> hello extensions etc...
>
> Bhasker.
>
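
Added example, not part of the thread and not ATS or OpenSSL code: the question asks about ClientHello extension data, so this stand-alone C parser shows where that data sits on the wire by walking a raw ClientHello record and returning its extension types and SNI host name. The names `parse_client_hello`, `sample_hello`, `take` and `take_vec` are made up for the example, the sample bytes are constructed, and the whole ClientHello is assumed to arrive in one unfragmented TLS record.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample (not captured traffic): one ClientHello record with
 * server_name (type 0, "example.test") and supported_versions (type 43). */
static const uint8_t sample_hello[] = {
  0x16,0x03,0x01,0x00,0x4b, 0x01,0x00,0x00,0x47, 0x03,0x03, /* record hdr, handshake hdr, version */
  0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, /* random */
  0x00, 0x00,0x02,0x13,0x01, 0x01,0x00, 0x00,0x1c, /* session_id, ciphers, compression, ext len */
  0x00,0x00, 0x00,0x11, 0x00,0x0f, 0x00, 0x00,0x0c, 'e','x','a','m','p','l','e','.','t','e','s','t',
  0x00,0x2b, 0x00,0x03, 0x02,0x03,0x04 };
typedef struct { const uint8_t *p; size_t n; } buf_t;
/* Take k bytes off the front of b, or return NULL if fewer remain. */
static const uint8_t *take(buf_t *b, size_t k) {
  const uint8_t *r = b->p;
  if (b->n < k) return NULL;
  b->p += k; b->n -= k; return r;
}
/* Take a vector with a w-byte big-endian length prefix as its own sub-buffer. */
static int take_vec(buf_t *b, size_t w, buf_t *out) {
  const uint8_t *l = take(b, w);
  out->n = 0;
  for (size_t i = 0; l && i < w; i++) out->n = out->n << 8 | l[i];
  return (l && (out->p = take(b, out->n))) ? 0 : -1;
}
/* Returns the extension count (first max types go to types[], host name to
 * sni), or -1 if the record is malformed, truncated or not a ClientHello. */
int parse_client_hello(const uint8_t *rec, size_t len, uint16_t *types, int max, char *sni, size_t cap) {
  buf_t b = { rec, len }, hs, body, v, exts, ext, names, name;
  const uint8_t *h = take(&b, 3), *t;          /* content type + record version */
  int count = 0;
  if (cap) sni[0] = '\0';
  if (!h || h[0] != 0x16 || take_vec(&b, 2, &hs)) return -1;
  if (!(h = take(&hs, 1)) || h[0] != 0x01 || take_vec(&hs, 3, &body)) return -1;
  if (!take(&body, 34) || take_vec(&body, 1, &v) ||   /* version+random, session_id */
      take_vec(&body, 2, &v) || take_vec(&body, 1, &v)) return -1; /* ciphers, compression */
  if (body.n == 0) return 0;                   /* ClientHello without extensions */
  if (take_vec(&body, 2, &exts)) return -1;
  while (exts.n > 0) {
    if (!(h = take(&exts, 2)) || take_vec(&exts, 2, &ext)) return -1;
    if (count < max) types[count] = (uint16_t)(h[0] << 8 | h[1]);
    count++;
    if ((h[0] | h[1]) == 0 && !take_vec(&ext, 2, &names) && (t = take(&names, 1)) &&
        *t == 0 && !take_vec(&names, 2, &name) && name.n < cap) {
      memcpy(sni, name.p, name.n); sni[name.n] = '\0';
    }
  }
  return count;
}
```

Call it as `parse_client_hello(sample_hello, sizeof sample_hello, types, 8, sni, sizeof sni)`; every length field is bounds-checked against its enclosing buffer, so a truncated or lying record yields -1 instead of an out-of-bounds read.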