facebookincubator / fizz

C++14 implementation of the TLS-1.3 standard

ClientHello Callback #90

Closed SteveSelva closed 1 year ago

SteveSelva commented 1 year ago

Does Fizz have a callback function at the ClientHello message in the TLS handshake?

knekritz commented 1 year ago

Currently there is no general-purpose callback. Depending on your goal though, there are a number of ways to change behavior based on information in the ClientHello (e.g., to select a certificate based on SNI you can implement a custom CertManager https://github.com/facebookincubator/fizz/blob/main/fizz/server/CertManager.h#L37, or use the default implementation, which will select a certificate based on the SNI and SANs in the configured certificates).

SteveSelva commented 1 year ago

I want to generate an SSL certificate on the fly using the SNI extension from the ClientHello message. Is this approach possible with the CertManager, and if so, how? Can you provide example code, please?

knekritz commented 1 year ago

Yes, it's certainly possible to generate a new cert on the fly in the CertManager (with a custom implementation of getCert()).
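
An added example, not part of the original thread and not Fizz code: the selection logic a custom `getCert()` could delegate to when issuing per-SNI certificates, treating the SNI as untrusted client input. `SniCertCache`, `IssuedCert` and the injected `Issuer` callback are hypothetical names; the Fizz types and the actual certificate generation are deliberately left out.

```cpp
#include <cctype>
#include <functional>
#include <map>
#include <memory>
#include <mutex>
#include <string>
// Hypothetical stand-in for a certificate plus key; not a Fizz type.
struct IssuedCert { std::string subject; };

class SniCertCache {
 public:
  using Issuer = std::function<std::shared_ptr<IssuedCert>(const std::string&)>;
  // suffix must start with '.', so "evilexample.test" cannot match ".example.test".
  SniCertCache(std::string suffix, std::size_t maxEntries, Issuer issuer)
      : suffix_(std::move(suffix)), max_(maxEntries), issuer_(std::move(issuer)) {}
  // Returns nullptr when the SNI is missing, malformed, outside the allowed
  // suffix, or the cache is full; the caller then falls back to its default cert.
  std::shared_ptr<IssuedCert> get(const std::string& rawSni) {
    std::string sni = normalize(rawSni);
    if (sni.empty() || !allowed(sni)) return nullptr;
    std::lock_guard<std::mutex> g(mu_);  // handshakes may run on several threads
    auto it = cache_.find(sni);
    if (it != cache_.end()) return it->second;
    if (cache_.size() >= max_) return nullptr;  // bound client-driven growth
    auto cert = issuer_(sni);                   // expensive: key gen + signing
    if (cert) cache_[sni] = cert;
    return cert;
  }
  std::size_t size() { std::lock_guard<std::mutex> g(mu_); return cache_.size(); }

 private:
  // Lower-case the name; accept only letters, digits, '-' and '.', max 253 bytes.
  static std::string normalize(const std::string& in) {
    if (in.empty() || in.size() > 253) return "";
    if (in.front() == '.' || in.find("..") != std::string::npos) return "";
    std::string out;
    for (unsigned char c : in) {
      if (!(std::isalnum(c) || c == '-' || c == '.')) return "";
      out.push_back(static_cast<char>(std::tolower(c)));
    }
    return out;
  }
  bool allowed(const std::string& sni) const {
    return sni.size() > suffix_.size() &&
           sni.compare(sni.size() - suffix_.size(), suffix_.size(), suffix_) == 0;
  }
  std::string suffix_; std::size_t max_; Issuer issuer_;
  std::mutex mu_;
  std::map<std::string, std::shared_ptr<IssuedCert>> cache_;
};
```

Without the suffix check and the entry cap, any client could make the server sign and store a certificate for every name it chooses to send.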

SteveSelva commented 1 year ago

Thanks @knekritz for your assistance.