maskit commented on code in PR #11844:
URL: https://github.com/apache/trafficserver/pull/11844#discussion_r1830071359
##########
src/iocore/net/SSLUtils.cc:
##########
@@ -1086,6 +1086,20 @@ ssl_callback_info(const SSL *ssl, int where, int ret)
}
Metrics::Counter::increment(it->second);
}
+
+#if defined(OPENSSL_IS_BORINGSSL) || defined(SSL_get_negotiated_group)
+ // TLS Group
+#ifdef OPENSSL_IS_BORINGSSL
+ int nid = SSL_get_negotiated_group(ssl);
+#elif defined(SSL_get_negotiated_group)
+ int nid = SSL_get_negotiated_group(const_cast<SSL *>(ssl));
+#endif
+ if (nid != NID_undef) {
+ if (auto it = tls_group_map.find(nid); it != tls_group_map.end()) {
Review Comment:
We should have OTHER, otherwise we'd see a mysterious drop when SSL
libraries and clients support a new group.
https://github.com/apache/trafficserver/pull/9623
And the table could be autogenerated if the library used has
`SSL_get_all_group_names`. Only users who use SSL library without the function
would be affected if new groups are added.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
