git.ipfire.org Git - thirdparty/haproxy.git/commit

author	sftcd <stephen.farrell@cs.tcd.ie>
	Fri, 26 Sep 2025 21:17:13 +0000 (22:17 +0100)
committer	William Lallemand <wlallemand@haproxy.com>
	Thu, 30 Oct 2025 09:37:30 +0000 (10:37 +0100)
commit	23f5cbb41101f81699b5c73befc93570129fdae9
tree	3894b8e3355d58de8ec6b37506d7015b36f5c656	tree \| snapshot
parent	dba4fd248a13fb0f3135619b14e3cf20b6674d10	commit \| diff

MINOR: ssl/ech: add logging and sample fetches for ECH status and outer SNI

This patch adds functions to expose Encrypted Client Hello (ECH) status
and outer SNI information for logging and sample fetching.

Two new helper functions are introduced in ech.c:
- conn_get_ech_status() places the ECH processing status string into a
buffer.
- conn_get_ech_outer_sni() retrieves the outer SNI value if ECH
succeeded.

Two new sample fetch keywords are added:
- "ssl_fc_ech_status" returns the ECH status string.
- "ssl_fc_ech_outer_sni" returns the outer SNI value seen during ECH.

These allow ECH information to be used in HAProxy logs, ACLs, and
captures.

include/haproxy/ech.h		diff \| blob \| blame \| history
src/ech.c		diff \| blob \| blame \| history
src/ssl_sample.c		diff \| blob \| blame \| history