facebookincubator/fizz

ClientHello Callback

SteveSelva opened this issue · 4 comments

Does Fizz has callback function at the ClientHello message in TLS handshake?

Currently there is no general purpose callback. Depending on your goal though, there are a number of ways to change behavior based on information in the ClientHello (eg, to select a certificate based on SNI you can implement a custom CertManager https://github.com/facebookincubator/fizz/blob/main/fizz/server/CertManager.h#L37, or use the default implementation which will select a certificate based on the SNI and SANs in the configured certificates).

I want to generate a SSL Certificate on the fly using the SNI extension from the ClientHello message. Is this approach possible with the CertManager and if so how to do? Can you provide a example code please.

Yes, it's certainly possible to generate a new cert on the fly in the CertManager (with a custom implementation of getCert()).

Thanks @knekritz for your assistance.