* Graham Leggett:

> I have a need to parse the first incoming hello packet on an
> incoming TLS connection and based on the presence (or absence) of
> the SNI header, choose to pass the connection through to another
> server.

I think you'll need to work with BIOs to make a copy of the initial handshake messages and prevent the OpenSSL code from sending any data, install a server name callback (see SSL_CTX_callback_ctrl and SSL_CTRL_SET_TLSEXT_SERVERNAME_CB), and abort the connection from OpenSSL's point of view at that point. You then know the SNI value and can forward the stored handshake messages to the correct server. The callback is invoked fairly late, so OpenSSL needs to be able to parse the handshake messages. A separate Client Hello parser is not part of the OpenSSL public API.
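
An added example, not part of the original post and not OpenSSL code: since the reply notes that OpenSSL exposes no stand-alone Client Hello parser, this is a minimal bounds-checked one that extracts the SNI host name from buffered bytes so they can be forwarded unchanged. The names `client_hello_sni` and `SAMPLE_HELLO` are hypothetical, the sample bytes are constructed, and the code assumes the whole ClientHello arrives in a single TLS record.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct cur { const uint8_t *p; size_t n; };  /* bounds-checked cursor */
/* Read a w-byte big-endian integer; returns 0 if the buffer is too short. */
static int get(struct cur *c, int w, size_t *v) {
    if (c->n < (size_t)w) return 0;
    for (*v = 0; w > 0; w--, c->p++, c->n--) *v = (*v << 8) | *c->p;
    return 1;
}
/* Split off a sub-buffer whose length is given by a w-byte prefix. */
static int sub(struct cur *c, int w, struct cur *out) {
    size_t len;
    if (!get(c, w, &len) || c->n < len) return 0;
    out->p = c->p; out->n = len;
    c->p += len; c->n -= len;
    return 1;
}

/* Constructed sample: one record, all-zero random, SNI "example.com". */
const uint8_t SAMPLE_HELLO[] = {
    0x16,3,1,0,67, 1,0,0,63, 3,3,
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
    0, 0,2,0x13,0x01, 1,0, 0,20, 0,0,0,16, 0,14, 0,0,11,
    'e','x','a','m','p','l','e','.','c','o','m' };

/* Returns 1 = host copied, 0 = no SNI present, -1 = malformed or truncated. */
int client_hello_sni(const uint8_t *buf, size_t len, char *host, size_t cap) {
    struct cur rec = { buf, len }, hs, body, skip, exts, ext, list, name;
    size_t t;
    if (!get(&rec, 1, &t) || t != 0x16 || !get(&rec, 2, &t) || !sub(&rec, 2, &hs)) return -1;
    if (!get(&hs, 1, &t) || t != 0x01 || !sub(&hs, 3, &body)) return -1; /* ClientHello */
    if (body.n < 34) return -1;
    body.p += 34; body.n -= 34;                  /* legacy_version + random */
    if (!sub(&body, 1, &skip) || !sub(&body, 2, &skip) || !sub(&body, 1, &skip)) return -1;
    if (body.n == 0) return 0;                   /* hello without extensions */
    if (!sub(&body, 2, &exts)) return -1;
    while (exts.n > 0) {
        if (!get(&exts, 2, &t) || !sub(&exts, 2, &ext)) return -1;
        if (t != 0) continue;                    /* not the server_name extension */
        if (!sub(&ext, 2, &list) || !get(&list, 1, &t) || t != 0 || !sub(&list, 2, &name)) return -1;
        if (name.n == 0 || name.n >= cap || memchr(name.p, 0, name.n)) return -1;
        memcpy(host, name.p, name.n); host[name.n] = '\0';
        return 1;
    }
    return 0;
}
```

A return of -1 on a short read can simply mean more bytes are still in flight, so a proxy would keep buffering up to a size limit before giving up on the connection.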