diff --git a/pingora-core/src/protocols/tls/boringssl_openssl/stream.rs b/pingora-core/src/protocols/tls/boringssl_openssl/stream.rs
index 034c57cf..5269b48d 100644
--- a/pingora-core/src/protocols/tls/boringssl_openssl/stream.rs
+++ b/pingora-core/src/protocols/tls/boringssl_openssl/stream.rs
@@ -13,6 +13,7 @@
 // limitations under the License.
 use crate::protocols::digest::TimingDigest;
+use crate::protocols::tls::boringssl_openssl::stream::ssl::NameType;
 use crate::protocols::tls::{SslDigest, ALPN};
 use crate::protocols::{Peek, Ssl, UniqueID, UniqueIDType};
 use crate::tls::{self, ssl, tokio_ssl::SslStream as InnerSsl};
@@ -202,6 +203,8 @@ impl SslDigest {
 }
 None => (Vec::new(), None, None),
 };
+ let sni = ssl.servername(NameType::HOST_NAME);
+ let sni_string: Option = sni.map(ToOwned::to_owned);
 SslDigest {
 cipher,
@@ -209,6 +212,7 @@ impl SslDigest {
 organization: org,
 serial_number: sn,
 cert_digest,
+ sni: sni_string,
 }
 }
 }
diff --git a/pingora-core/src/protocols/tls/digest.rs b/pingora-core/src/protocols/tls/digest.rs
index 8cfe49c0..87519a46 100644
--- a/pingora-core/src/protocols/tls/digest.rs
+++ b/pingora-core/src/protocols/tls/digest.rs
@@ -27,4 +27,6 @@ pub struct SslDigest {
 pub serial_number: Option,
 /// The digest of the peer's certificate
 pub cert_digest: Vec,
+ /// the SNI used in the negotiation
+ pub sni: Option,
 }
diff --git a/pingora-core/src/protocols/tls/rustls/stream.rs b/pingora-core/src/protocols/tls/rustls/stream.rs
index 146626bb..ff3e6199 100644
--- a/pingora-core/src/protocols/tls/rustls/stream.rs
+++ b/pingora-core/src/protocols/tls/rustls/stream.rs
@@ -384,12 +384,15 @@ impl SslDigest {
 .map(|(organization, serial)| (organization, Some(serial)))
 .unwrap_or_default();
+ let sni = None;
+
 SslDigest {
 cipher,
 version,
 organization,
 serial_number,
 cert_digest,
+ sni,
 }
 }
 }
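Review bot: The `use` added in boringssl_openssl/stream.rs (hunk at -13) reaches `NameType` through this module's own path, `...::boringssl_openssl::stream::ssl::NameType`, which resolves only because `ssl` is imported from `crate::tls` a few lines further down in the same file. Since `ssl` is already in scope, either write `ssl::NameType::HOST_NAME` at the call site or import it as `use crate::tls::ssl::NameType;`. Both avoid depending on a name that is merely re-visible through the current module.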
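Review bot: In boringssl_openssl/stream.rs (hunk at -202) the result of `ssl.servername(NameType::HOST_NAME)` is copied into the digest with nothing marking it as peer-controlled; on an accepted connection it is whatever name the client put in its ClientHello and is not checked against any certificate. A comment above the line would help, for example `// SNI is client-supplied and unauthenticated: not a basis for access decisions, escape before logging`. As far as I know `servername` also returns `None` for a name that is not valid UTF-8, so an absent SNI and a malformed one look the same to consumers; if that distinction matters, `servername_raw` is worth a look. The two bindings can collapse into `let sni = ssl.servername(NameType::HOST_NAME).map(ToOwned::to_owned);`. The function starts above this hunk and the `sni: sni_string` initializer sits in the following hunk.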
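Review bot: The doc comment on the new `sni` field in digest.rs says nothing about where the value comes from or how far it can be trusted, which is what a reader of `SslDigest` needs before using it. I would replace it with a two-line comment stating that this is the server name (SNI) seen in the handshake, that on accepted connections it is peer-supplied and unverified, and that it is `None` when absent or when the TLS backend does not report it. Separately, adding a `pub` field to a `pub struct` breaks any code outside the crate that builds `SslDigest` with a struct literal, assuming the struct is not `#[non_exhaustive]`; its attributes are above the hunk, so that is worth confirming.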
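Review bot: In rustls/stream.rs `let sni = None;` makes the rustls build report no SNI for every connection, so a consumer cannot tell "the client sent no SNI" from "this backend does not fill the field in", and any logging or policy keyed on `sni` changes silently with the TLS feature selected at build time. At minimum say so at the assignment, e.g. `// TODO: rustls backend does not populate SNI; None here does not mean the client sent none`, and write `sni: None,` directly in the initializer instead of a separate binding. If the connection in scope is a server-side one, rustls can report the requested name and the field could be filled in, but the function starts above the hunk so I cannot confirm what is available there.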