Hi Alan,
Thanks for the response. After looking at the code a bit more, I figured I
can do something like this:

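// Register with the hook ID; TS_EVENT_VCONN_PRE_ACCEPT is the event the callback receives.
TSHttpHookAdd(TS_VCONN_PRE_ACCEPT_HOOK, pre_accept_cb);

int
pre_accept_callback(TSCont /*contp*/, TSEvent /*event*/, void *edata)
{
   TSVConn ssl_vc = reinterpret_cast<TSVConn>(edata);
   // TSVConnSSLConnectionGet returns the opaque TSSslConnection handle.
   TSSslConnection sslobj = TSVConnSSLConnectionGet(ssl_vc);
   SSL *ssl = reinterpret_cast<SSL *>(sslobj);
...
}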

I can allocate some memory off the heap and then store my ssl contextual
stuff in the openssl ssl object using ssl apis...

https://www.openssl.org/docs/manmaster/man3/SSL_set_ex_data.html

Later in my HTTP callback hooks, it looks like I can do the following to
retrieve the ssl object.

  TSHttpTxn txn = static_cast<TSHttpTxn>(cppapi_txn.getAtsHandle());
  TSHttpSsn ssn = TSHttpTxnSsnGet(txn);
  SSL* ssl = (SSL*) TSHttpSsnSSLConnectionGet(ssn);

Once I have the ssl object, I can retrieve my ssl contextual data using the
ssl APIs.

Do you see any issues with this approach? One question I have is, is the
SSL object created when the PRE_ACCEPT hook is called?

Another problem I see is, how do I free the memory I allocated to store
data in the ssl-object. I'd like to free that when the SSL connection
closes (for any reason: normal close, error etc). I don't see an event
hook for SSL connection close. I see TS_EVENT_HTTP_TXN_CLOSE but I don't
think that's equivalent to ssl connection close. Any suggestions? Thanks.

Dk.


On Tue, Sep 26, 2017 at 6:54 AM, Alan Carroll <
solidwallofc...@oath.com.invalid> wrote:

> This is a known problem, see
> https://github.com/apache/trafficserver/issues/2388 . The point of that
> feature request is to be able to store data on the TSNetVConn (which you
> have in the SSL hook) and then retrieve it later in an HTTP hook (from
> which you can get to the same TSNetVConn). Currently I can't suggest
> anything better than making your own global table of TSNetVConn -> SSL
> information which admittedly is painful.
>
> On Mon, Sep 25, 2017 at 9:31 PM, Dk Jack <dnj0...@gmail.com> wrote:
>
> > Hi,
> > I am adding a hook to get access to the ssl handshake data. I am using
> > something like:
> >
> > TSHttpHookAdd(TS_SSL_CERT_HOOK, cb_cert);
> >
> > In the ssl callback, I am extracting some info from the ssl connection
> > and I'd like to save the info. I'd like to later retrieve this info
> > when my Http hook callback is invoked.
> >
> > TSHttpHookAdd(TS_HTTP_SEND_REQUEST_HDR_HOOK, cont);
> >
> > When my HTTP hook callback is called, I get TSHttpTxn. From HttpTxn how
> > to retrieve the saved ssl information? What is the correct way to make
> > this work? Any help is appreciated. Thanks.
> >
> > Dk.
> >
>
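
The "global table of TSNetVConn -> SSL information" workaround from the quoted reply, sketched as an added example that is not code from this thread or from Traffic Server. VConnHandle, SslInfo and SslInfoTable are hypothetical stand-ins (the handle stands in for the TSVConn pointer value), and the thread leaves open which close notification would drive erase().

```cpp
// Added example: stand-in types only, no Traffic Server or OpenSSL calls.
#include <cstddef>
#include <mutex>
#include <string>
#include <unordered_map>
#include <utility>

using VConnHandle = const void *; // assumption: stands in for the TSVConn pointer value

struct SslInfo { // constructed fields; hold whatever the SSL hook extracts
  std::string sni;
  std::string cipher;
};

class SslInfoTable {
public:
  // SSL hook side: record data for this connection. Assignment replaces any
  // stale entry left under a handle value that has since been reused.
  void store(VConnHandle vc, SslInfo info) {
    std::lock_guard<std::mutex> lock(mu_);
    table_[vc] = std::move(info);
  }
  // HTTP hook side: copy the entry out under the lock, so the caller never
  // holds a pointer into the table that a concurrent erase could invalidate.
  bool lookup(VConnHandle vc, SslInfo &out) const {
    std::lock_guard<std::mutex> lock(mu_);
    auto it = table_.find(vc);
    if (it == table_.end()) return false;
    out = it->second;
    return true;
  }
  // Connection-close side: drop the entry so it neither leaks nor gets served
  // to a later connection that lands on the same handle value.
  bool erase(VConnHandle vc) {
    std::lock_guard<std::mutex> lock(mu_);
    return table_.erase(vc) == 1;
  }
  std::size_t size() const {
    std::lock_guard<std::mutex> lock(mu_);
    return table_.size();
  }
private:
  mutable std::mutex mu_; // hooks may run on different threads
  std::unordered_map<VConnHandle, SslInfo> table_;
};
```

Because the table owns its entries by value, no separate heap allocation has to be freed; the only lifetime obligation is calling erase() once per connection.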
