extern struct list openssl_providers;
extern struct stats_module ssl_stats_module;
+uint64_t ssl_sock_sni_hash(const struct ist sni);
int ssl_sock_prep_ctx_and_inst(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
SSL_CTX *ctx, struct ckch_inst *ckch_inst, char **err);
int ssl_sock_prep_srv_ctx_and_inst(const struct server *srv, SSL_CTX *ctx,
int nb_engines = 0;
static struct eb_root cert_issuer_tree = EB_ROOT; /* issuers tree from "issuers-chain-path" */
+static uint64_t sni_hash_seed = 0; /* Seed used to compute hash of SNIs */
struct global_ssl global_ssl = {
#ifdef LISTEN_DEFAULT_CIPHERS
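Review bot: `sni_hash_seed` is statically initialised to 0 and only receives a random value from the later `sni_hash_seed = ha_random64();` assignment, so a call to `ssl_sock_sni_hash()` before that init code would use a fixed, known seed. Its results would also not match hashes computed afterwards. Whether any such early caller exists (for example during configuration parsing) is not visible here and should be checked. The declaration comment could record the contract: `/* Seed used to compute hash of SNIs; assigned once at init from ha_random64(), must not be used before that */`.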
__decl_thread(HA_SPINLOCK_T ckch_lock);
-
+/* Returns the hash corresponding to <sni> */
+uint64_t ssl_sock_sni_hash(const struct ist sni)
+{
+ return XXH3(istptr(sni), istlen(sni), sni_hash_seed);
+}
/* mimic what X509_STORE_load_locations do with store_ctx */
static int ssl_set_cert_crl_file(X509_STORE *store_ctx, char *path)
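Review bot: The comment on `ssl_sock_sni_hash()` does not say that the hash covers the raw bytes of `<sni>`, so two spellings of one host name that differ only in case hash differently unless the caller normalises first. Whether callers lowercase the name is not visible in this hunk. It should also state that the result is a seeded 64-bit XXH3 value rather than a keyed MAC, so equal hashes should be confirmed by comparing the names before any decision depends on the match. Suggested wording: `/* Returns the seeded XXH3 hash of the raw bytes of <sni>; caller normalises case, and a hash match must be confirmed by comparing the names */`. The function body is fully contained in the hunk.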
HA_SPIN_INIT(&ocsp_tree_lock);
#endif
+ sni_hash_seed = ha_random64();
+
/* Try to register dedicated SSL/TLS protocol message callbacks for
* heartbleed attack (CVE-2014-0160) and clienthello.
*/