Hi,

I need to call an external http (preferably https) service from
HAProxy code. What's the easiest way to achieve that?

Context:
I would like HAProxy to do TLS termination for non-http traffic
(mqtt). The TLS cipher is PSK (pre-shared key). There was a patch in
this mailing-list adding support for this cipher. In his patch, Nenad
Merdanovic loads the <identity>:<key> map from a configuration file.
This is fine if you have a static environment. I would like to hook
this identity-to-key function to some external service.

    #include <openssl/ssl.h>

    // for TLS-PSK, you need to implement this function
    static unsigned int ssl_srv_psk_cb(SSL *ssl, const char *identity,
                                       unsigned char *psk, unsigned int max_psk_len)
    {
        // for a given "identity" string, return its pre-shared key in "psk"
        // make a https call here..
        return 0; // key length on success; 0 means the identity is unknown
    }

    // and register it with OpenSSL as a call-back
    SSL_CTX_set_psk_server_callback(ctx, ssl_srv_psk_cb);

Options:

(a) implement lookup call in C
I should be able to whip up a simple http 1.0 request via low-level
socket programming. However, I would like some fancier features
like https, persistent connections, basic-auth, timeout handling, etc.
Even with the simple socket code, I'm not sure how that will play with
HAProxy's event-driven nature. I would appreciate it if someone could
point me to an example where HAProxy is doing something similar
already.

(b) integrate it with Lua
Lua sounds like a better option for writing custom code for HAProxy.
However, I'm afraid that I wouldn't be able to hook it to the TLS
handshake itself (that stage is too early in the process). It seems that
it's not a good use-case for Lua.

Any thoughts? Examples of async IO https calls from C?

Thanks,
Brano Zarnovican
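
An added example, not part of the original post and not code from HAProxy or the PSK patch: the callback above answering from an in-memory cache, so the handshake never waits on network I/O and an unknown identity fails closed. The cache layout, the PSK_ID_MAX and PSK_KEY_MAX limits and the sample identity are assumptions constructed for this example; the cache is assumed to be refreshed from the external service elsewhere.

```c
#include <stdio.h>
#include <string.h>

/* Forward declaration so this compiles without OpenSSL installed;
 * a real build includes <openssl/ssl.h> instead. */
typedef struct ssl_st SSL;

#define PSK_ID_MAX  64   /* assumed limits for this example */
#define PSK_KEY_MAX 32

struct psk_entry {
    char identity[PSK_ID_MAX];
    unsigned char key[PSK_KEY_MAX];
    unsigned int key_len;
};

/* Constructed sample data; hypothetical cache that a separate task would
 * refresh from the external identity-to-key service. */
static const struct psk_entry psk_cache[] = {
    { "sensor-01", { 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
                     0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, 16 },
};

/* Same contract as an OpenSSL PSK server callback: return the key length,
 * or 0 when the identity is unknown so the handshake fails. */
unsigned int ssl_srv_psk_cb(SSL *ssl, const char *identity,
                            unsigned char *psk, unsigned int max_psk_len)
{
    (void)ssl;
    if (identity == NULL || psk == NULL || strlen(identity) >= PSK_ID_MAX)
        return 0;
    for (size_t i = 0; i < sizeof(psk_cache) / sizeof(psk_cache[0]); i++) {
        const struct psk_entry *e = &psk_cache[i];
        if (strcmp(e->identity, identity) != 0)
            continue;
        if (e->key_len == 0 || e->key_len > max_psk_len)
            return 0;            /* never write past the caller's buffer */
        memcpy(psk, e->key, e->key_len);
        return e->key_len;
    }
    return 0;                    /* cache miss: fail closed, no blocking I/O */
}

int main(void)
{
    unsigned char buf[PSK_KEY_MAX];
    printf("known:   %u\n", ssl_srv_psk_cb(NULL, "sensor-01", buf, sizeof(buf)));
    printf("unknown: %u\n", ssl_srv_psk_cb(NULL, "sensor-99", buf, sizeof(buf)));
    return 0;
}
```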