ClientHello Callback

Question

ClientHello Callback

SteveSelva opened this issue a year ago · 4 comments

Does Fizz has callback function at the ClientHello message in TLS handshake?

Answer 1 · 2023-05-30T19:27:38.000Z

Currently there is no general purpose callback. Depending on your goal though, there are a number of ways to change behavior based on information in the ClientHello (eg, to select a certificate based on SNI you can implement a custom CertManager https://github.com/facebookincubator/fizz/blob/main/fizz/server/CertManager.h#L37, or use the default implementation which will select a certificate based on the SNI and SANs in the configured certificates).

Answer 2 · 2023-06-01T08:09:04.000Z

I want to generate a SSL Certificate on the fly using the SNI extension from the ClientHello message. Is this approach possible with the CertManager and if so how to do? Can you provide a example code please.

Answer 3 · 2023-06-01T17:16:27.000Z

Yes, it's certainly possible to generate a new cert on the fly in the CertManager (with a custom implementation of getCert()).

Answer 4 · 2023-06-05T07:59:18.000Z

Thanks @knekritz for your assistance.