Hi Mariam.
On 2025-04-16 (Mi.) 15:36, Mariam John wrote:
Hello William,
Thank you for your patience and valuable feedback and reviews. Appreciate
it. As you requested, I have
broken the changes into 3 seperate patches to help with the review process. The
first patch contains the
4 new fetches + the doc changes as I had originally submitted (with all the
review comments addressed).
The second patch contains just the new regression test added for the 4 new
fetches (with the review
comments addressed). The third patch has the most changes and contains the new
helper method,
`clnt_hello_proc smp_client_hello_parse` which does the initial processing of
the client hello message
that was common to the following fetches:
1. smp_fetch_req_ssl_st_ext
2. smp_fetch_req_ssl_ec_ext
3. smp_fetch_ssl_hello_sni
4. smp_fetch_ssl_hello_alpn
5. smp_fetch_ssl_supported_groups
6. smp_fetch_ssl_sigalgs
7. smp_fetch_ssl_keyshare_groups
8. smp_fetch_ssl_cipherlist
The first 7 fetches do some additional processing based on the TLS extensions
whereas the last one,
`smp_fetch_ssl_cipherlist` does not. Instead it parses the CipherSuite field.
This distinction has been made
in the new helped function by using the boolean parameter `parse_extensions`.
Fetches 1 to 7 will pass true
and `smp_fetch_ssl_cipherlist` will pass `false`. You had mentioned to use a
union for this but I wasn't
sure how to use it here.
Thank you once again for taking the time to review.
Thanks,
Mariam.
When I take a look into that commit looks to me that some fetches are similar
from JA3 commit
https://git.haproxy.org/?p=haproxy.git;a=commitdiff;h=959a48c1167a4893796ed568d3864536e7e044f2
Just for my couriosity what's the difference between the
`smp_fetch_ssl_cipherlist` and `ssl_fc_cipherlist_*`.
Regards
Alex
