Re: [PATCH] MINOR: acl: add support for TLS ALPN matching

2019-01-01 Thread Willy Tarreau
On Mon, Dec 31, 2018 at 08:36:01PM -0500, Alex Zorin wrote: > On Tue, Jan 1, 2019, at 12:32 AM, Willy Tarreau wrote: > > You're welcome. I was about to apply it until I figured that a doc update > > is missing. Please add an entry to configuration.txt for this new keyword > > (and take care of

Re: [PATCH] MINOR: acl: add support for TLS ALPN matching

2018-12-31 Thread Alex Zorin
On Tue, Jan 1, 2019, at 12:32 AM, Willy Tarreau wrote: > You're welcome. I was about to apply it until I figured that a doc update > is missing. Please add an entry to configuration.txt for this new keyword > (and take care of respecting the alphabetical order). Okay, updated the docs. On

Re: [PATCH] MINOR: acl: add support for TLS ALPN matching

2018-12-31 Thread Willy Tarreau
On Mon, Dec 31, 2018 at 06:23:59AM -0500, Alex Zorin wrote: > Thanks for the generous review and pointers - that does sound much better and > appears to work well for the ClientHellos I have tried. Sorry for not posting > this as RFC. You're welcome. I was about to apply it until I figured that a

Re: [PATCH] MINOR: acl: add support for TLS ALPN matching

2018-12-31 Thread Alex Zorin
: [PATCH] MINOR: acl: add support for TLS ALPN matching Date: Monday, December 31, 2018 8:37 PM I'm seeing that you extract only the first protocol name, and since with ALPN it is possible to advertise a series of names, I think it would make sense to be able to return each of them iteratively. We already

Re: [PATCH] MINOR: acl: add support for TLS ALPN matching

2018-12-31 Thread Willy Tarreau
Hello Alex, On Sat, Dec 29, 2018 at 10:22:05PM -0500, Alex Zorin wrote: > >From 59c8e558d1e46dc20bfffc683f8c89e06b0dbaef Mon Sep 17 00:00:00 2001 > From: Alex Zorin > Date: Sun, 30 Dec 2018 13:56:28 +1100 > Subject: [PATCH] MINOR: acl: add support for TLS ALPN matching > > Application-Layer

Re: [PATCH] MINOR: acl: add support for TLS ALPN matching

2018-12-29 Thread Alex Zorin
Unfortunately I attached the wrong patch file. Attaching in reply. Alex On Sun, Dec 30, 2018, at 2:20 PM, Alex Zorin wrote: > Hello, > > The attached patch adds acl support for the TLS ALPN extension > (RFC7301) extension via "req.ssl_alpn", in a similar vein to > "req.ssl_sni". > > It is