That's right, what we need are SSL attributes like the protocol version or
the cipher used
On Wed, Jul 17, 2019, 23:16 Sudheer Vinukonda
<sudheervinuko...@yahoo.com.invalid> wrote:
> Oh, it looks like the goal is to actually get SSL context attributes for
> a given TXN and not so much _STATS_. Sorry, I was confused by the use of
> word _STAT_ and assumed you were trying to collect metrics/counters.
> Assuming it is the SSL Context attributes for a TXN that you are looking
> to get, I'm okay with the original separate API for each attribute that's
> proposed or possibly even defining/exposing a data structure that can fill
> and return all SSL related attributes.
>
> On Wednesday, July 17, 2019, 7:13:55 AM PDT, Alan Carroll
> <solidwallofc...@verizonmedia.com.INVALID> wrote:
>
> Looking at the current API in this area, I think it might be better to
> model it on TSStatFindName and related functions. This would mean something
> like
>
> TSReturnCode TSSslStatFindName(const char * name, int * idx);
> TSMgmtInt TSSslStatGet(idx);
>
> On Wed, Jul 17, 2019 at 12:39 AM Valentín Gutierrez <
> vgutier...@wikimedia.org> wrote:
>
> > So something like this would be more appealing?
> >
> > typedef enum {
> > TS_STAT_SSL_PROTOCOL = 0,
> > TS_STAT_SSL_CIPHER,
> > TS_STAT_SSL_CURVE,
> > } TSStatSsl;
> >
> > int TSHttpTxnClientReqIsSslReused(TSHttpTxn txnp);
> > const char *TSHttpTxnClientReqSslStatGet(TSHttpTxn txnp, TSStatSsl
> > stat_ssl);
> >
> > On Wed, Jul 17, 2019 at 1:11 AM Sudheer Vinukonda
> > <sudheervinuko...@yahoo.com.invalid> wrote:
> > >
> > > Hmm...feels like this is a bit of an overload to write a separate API
> > for each stat - Would it be better to write generic APIs that can return
> > any stat (defined as an ENUM for example)?
> > >
> > >
> > > On Tuesday, July 16, 2019, 11:07:19 AM PDT, Valentín Gutierrez <
> > vgutier...@wikimedia.org> wrote:
> > >
> > > Hi,
> > >
> > > We need to expose several client request SSL stats that are currently
> > > being gathered in the HttpSM to the Lua plugin. To achieve this I'd
> > > like to propose adding several functions to the API:
> > >
> > > int TSHttpTxnClientReqIsSslReused(TSHttpTxn txnp);
> > > const char *TSHttpTxnClientReqSslCipherGet(TSHttpTxn txnp);
> > > const char *TSHttpTxnClientReqSslProtocolGet(TSHttpTxn txnp);
> > > const char *TSHttpTxnClientReqSslCurveGet(TSHttpTxn txnp);
> > >
> > > These API calls would expose the following HttpSM attributes:
> > > bool client_ssl_reused;
> > > const char *client_cipher_suite = "-";
> > > const char *client_sec_protocol = "-";
> > > const char *client_curve; // Implemented as part of
> > > https://github.com/apache/trafficserver/pull/5724/
> > >
> > >
> > > An implementation has been already drafted as part of
> > > https://github.com/apache/trafficserver/pull/5726/
> > >
> > > Best Regards,
> > > Valentín Gutiérrez
> >
