[PATCH] MINOR: acl: add support for TLS ALPN matching

2018-12-29 Thread Alex Zorin
Hello, The attached patch adds acl support for the TLS ALPN extension (RFC7301) extension via "req.ssl_alpn", in a similar vein to "req.ssl_sni". It is useful for pass-thru of TLS connections in scenarios like ACME's tls-alpn-01. Thank you Alex>From 8008e5e8f23747741ed005f56c247bcd366cfda9 Mo

Re: [PATCH] MINOR: acl: add support for TLS ALPN matching

2018-12-29 Thread Alex Zorin
Unfortunately I attached the wrong patch file. Attaching in reply. Alex On Sun, Dec 30, 2018, at 2:20 PM, Alex Zorin wrote: > Hello, > > The attached patch adds acl support for the TLS ALPN extension > (RFC7301) extension via "req.ssl_alpn", in a similar vein to >

Re: [PATCH] MINOR: acl: add support for TLS ALPN matching

2018-12-31 Thread Alex Zorin
Hi Willy, Thanks for the generous review and pointers - that does sound much better and appears to work well for the ClientHellos I have tried. Sorry for not posting this as RFC. Alex - Original message - From: Willy Tarreau To: Alex Zorin Cc: haproxy@formilux.org Subject: Re

Re: [PATCH] MINOR: acl: add support for TLS ALPN matching

2018-12-31 Thread Alex Zorin
sl_sni". Alex>From cc8877b49e862cd84ed5634f104500b6b743bc39 Mon Sep 17 00:00:00 2001 From: Alex Zorin Date: Sun, 30 Dec 2018 13:56:28 +1100 Subject: [PATCH] MINOR: payload: add sample fetch for TLS ALPN Application-Layer Protocol Negotiation (ALPN, RFC7301) is a TLS extension which allows a client to present a prefer