On Sat, Nov 05, 2022 at 11:50:18AM +0100, Dirk Menstermann wrote:
> Hello,
>
> I did a few experiments with early data but was not successful in solving my
> exotic use case: "Using early data dependent on the SNI"
>
> I control the server (Linux, supports HTTP/2) based on OpenSSL 111q and use a
> recent Firefox as client:
>
> 1) Setting SSL_CTX_set_max_early_data in the SSL_CTX* works (FF sends early data)
> 2) Setting SSL_set_max_early_data on the just created SSL* works (FF sends early
>    data)
> 3) Setting SSL_set_max_early_data in the SNI callback during the handshake does
>    not work (FF does not send early data)
>
> I guess there is a dirty way to "peek" into the client hello and parse it
> without OpenSSL, extracting the SNI and then doing it like in 2), but I wonder
> if there is a better way.
>
> Any idea?

The SNI callback runs far too late for this purpose (and, to be honest, a lot
of other purposes). You should be able to use the client_hello callback for it,
though (https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_client_hello_cb.html).

Note that SSL_get_servername() does not provide something useful within the
client hello callback execution, and you'll have to do something like
https://github.com/openssl/openssl/blob/master/test/helpers/handshake.c#L146-L198
in order to access the provided SNI value from the client.

-Ben
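An added example of the approach Ben describes (written for this page; it is neither code from the thread nor OpenSSL's own handshake.c): a strict parser for the raw server_name extension body, used from a client_hello callback to set the per-connection early-data limit before the handshake decides on 0-RTT. The host name, the 16 KiB budget and the `early_data_budget_for` policy are assumptions; the OpenSSL-dependent part compiles only where the 1.1.1+ headers are available.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Parse a server_name extension body (RFC 6066 s.3) as strictly as OpenSSL's
 * test helper does: exactly one host_name entry filling the whole list. The
 * name is copied NUL-terminated into out. Returns its length, or -1 if malformed. */
static int parse_sni_ext(const unsigned char *p, size_t len, char *out, size_t outsz)
{
    size_t list_len, name_len;
    if (len < 5) return -1;
    list_len = ((size_t)p[0] << 8) | p[1];
    if (list_len != len - 2 || p[2] != 0) return -1;   /* bad list length, or NameType != host_name */
    name_len = ((size_t)p[3] << 8) | p[4];
    if (name_len != len - 5 || name_len == 0 || name_len >= outsz) return -1;
    if (memchr(p + 5, 0, name_len) != NULL) return -1; /* embedded NUL: reject, do not truncate */
    memcpy(out, p + 5, name_len);
    out[name_len] = '\0';
    return (int)name_len;
}

/* Constructed sample: the extension body a client sends for "early.example.com". */
static const unsigned char sample_sni[] = { 0x00, 0x14, 0x00, 0x00, 0x11, /* list 20, host_name, len 17 */
    'e','a','r','l','y','.','e','x','a','m','p','l','e','.','c','o','m' };
static char sni_host[256];   /* scratch buffer for the stand-alone demo */

#ifdef __has_include          /* OpenSSL part compiles only where 1.1.1+ headers exist */
#if __has_include(<openssl/ssl.h>)
#include <openssl/ssl.h>
/* Hypothetical policy: only one virtual host may send 0-RTT data (16 KiB budget). */
static uint32_t early_data_budget_for(const char *host) { return strcmp(host, "early.example.com") == 0 ? 16384 : 0; }

/* Client hello callback: runs before the SNI callback, early enough for
 * SSL_set_max_early_data to take effect. Install it on the server context with
 * SSL_CTX_set_client_hello_cb(ctx, sni_early_data_cb, NULL). */
static int sni_early_data_cb(SSL *s, int *al, void *arg)
{
    const unsigned char *ext; size_t extlen; char host[256]; (void)arg;
    if (!SSL_client_hello_get0_ext(s, TLSEXT_TYPE_server_name, &ext, &extlen))
        return SSL_CLIENT_HELLO_SUCCESS;              /* no SNI: keep the SSL_CTX default */
    if (parse_sni_ext(ext, extlen, host, sizeof host) < 0) {
        *al = SSL_AD_DECODE_ERROR;                    /* malformed extension: abort the handshake */
        return SSL_CLIENT_HELLO_ERROR;
    }
    return SSL_set_max_early_data(s, early_data_budget_for(host))
           ? SSL_CLIENT_HELLO_SUCCESS : SSL_CLIENT_HELLO_ERROR;
}
#endif
#endif
```

Leaving the SSL_CTX default at 0 and raising the limit only in the callback means hosts without an explicit budget never accept replayable 0-RTT data.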