We've started using this crate to pre-parse the SNI and do some async work before handing it off to the synchronous rustls handshake.
We've stumbled on some issues parsing SNI in some scenarios. I'm not sure if it's just a question of different clients sending different TLS extension formats.
Error(([170, 170, 0, 0, 0, 0, 0, 23, 0, 21, 0, 0, 18, 119, 119, 119, 46, 97, 109, 105, 114, 97, 104, 122, 97, 107, 121, 46, 99, 111, 109, 0, 23, 0, 0, 255, 1, 0, 1, 0, 0, 10, 0, 10, 0, 8, 218, 218, 0, 29, 0, 23, 0, 24, 0, 11, 0, 2, 1, 0, 0, 35, 0, 0, 0, 16, 0, 14, 0, 12, 2, 104, 50, 8, 104, 116, 116, 112, 47, 49, 46, 49, 0, 5, 0, 5, 1, 0, 0, 0, 0, 0, 13, 0, 20, 0, 18, 4, 3, 8, 4, 4, 1, 5, 3, 8, 5, 5, 1, 8, 6, 6, 1, 2, 1, 0, 18, 0, 0, 0, 27, 0, 3, 2, 0, 2, 122, 122, 0, 1, 0], Tag))
��www.amirahzaky.com�
���#h2http/1.1
zz
It looks like the data is in there? The error doesn't say this is incomplete, so I assume this is a parser issue?
Thanks for creating this, it's a huge time save for us.
let acceptor = store.get(&svc, &metrics, should_h2).await?;
let mut bytes = [0; 1024];
let n = io.peek(&mut bytes).await?;
log::trace!("read {} bytes from tls handshake", n);
let res = tls_parser::parse_tls_plaintext(&bytes);
match res {
Ok((_rem, record)) => {
// rem is the remaining data (not parsed)
// record is an object of type TlsRecord
log::trace!("record: {:?}", record);
match record.msg.get(0) {
Some(tls_parser::tls::TlsMessage::Handshake(
tls_parser::tls::TlsMessageHandshake::ClientHello(hello_contents),
)) => match hello_contents.ext {
Some(exts) => match tls_parser::tls_extensions::parse_tls_extension_sni(exts) {
Ok((_rem, tls_parser::tls_extensions::TlsExtension::SNI(sni))) => {
match sni.get(0) {
Some((tls_parser::tls_extensions::SNIType::HostName, hostname)) => {
let hostname = std::str::from_utf8(hostname)?;
log::debug!("got hostname: {}", hostname);
store.ensure_cert(svc, should_h2, hostname).await;
}
_ => log::warn!("unhandled SNI Type!"),
};
}
Err(e) => {
log::debug!("error decoding sni: {:?}", e);
}
_ => {
log::warn!("did not find SNI");
}
},
_ => {
log::warn!("could not get client hello contents");
}
},
_ => log::warn!("didn't care about message type..."),
};
}
Err(nom::Err::Incomplete(needed)) => {
log::error!(
"Defragmentation required (TLS record), needed: {:?}",
needed
);
}
Err(e) => {
log::debug!("parse_tls_plaintext failed: {:?}", e);
}
};