commit 0cb2744840f292a78570fd886061b7d2893e0844
author Kazuho Oku <kazuhooku@gmail.com> Thu Feb 02 14:31:18 2023 +0900
committer Kazuho Oku <kazuhooku@gmail.com> Thu Feb 02 14:31:18 2023 +0900
tree 33b897696c790da419b88155741570890eb53c47
parent 268dd12fd37b35a2a2042e4708c152cc3fd305af

expose unparsed list of ciphers instead

include/picotls.h

diff --git a/include/picotls.h b/include/picotls.h
index bb7db6c..dc4cd76 100644
--- a/include/picotls.h
+++ b/include/picotls.h
@@ -626,6 +626,10 @@
         size_t count;
     } server_certificate_types;
     /**
+     * points to the cipher-suites section of the raw_message (see above)
+     */
+    ptls_iovec_t raw_client_ciphers;
+    /**
      * set to 1 if ClientHello is too old (or too new) to be handled by picotls
      */
     unsigned incompatible_version : 1;

lib/picotls.c

diff --git a/lib/picotls.c b/lib/picotls.c
index 05b4f77..abb17b6 100644
--- a/lib/picotls.c
+++ b/lib/picotls.c
@@ -3906,7 +3906,8 @@
 static inline int call_on_client_hello_cb(ptls_t *tls, ptls_iovec_t server_name, ptls_iovec_t raw_message, ptls_iovec_t *alpns,
                                           size_t num_alpns, const uint16_t *sig_algos, size_t num_sig_algos,
                                           const uint16_t *cert_comp_algos, size_t num_cert_comp_algos,
-                                          const uint8_t *server_cert_types, size_t num_server_cert_types, int incompatible_version)
+                                          const uint8_t *server_cert_types, size_t num_server_cert_types,
+                                          ptls_iovec_t raw_cipher_suites, int incompatible_version)
 {
     if (tls->ctx->on_client_hello == NULL)
         return 0;
@@ -3917,6 +3918,7 @@
                                                 {sig_algos, num_sig_algos},
                                                 {cert_comp_algos, num_cert_comp_algos},
                                                 {server_cert_types, num_server_cert_types},
+                                                raw_cipher_suites,
                                                 incompatible_version};
     return tls->ctx->on_client_hello->cb(tls->ctx->on_client_hello, tls, &params);
 }
@@ -3940,7 +3942,7 @@
         if (!is_second_flight) {
             int ret;
             if ((ret = call_on_client_hello_cb(tls_cbarg, ch->server_name, raw_message, ch->alpn.list, ch->alpn.count, NULL, 0,
-                                               NULL, 0, NULL, 0, 1)) != 0)
+                                               NULL, 0, NULL, 0, ch->cipher_suites, 1)) != 0)
                 return ret;
         }
         return PTLS_ALERT_PROTOCOL_VERSION;
@@ -4312,7 +4314,7 @@
         if ((ret = call_on_client_hello_cb(tls, server_name, message, ch->alpn.list, ch->alpn.count, ch->signature_algorithms.list,
                                            ch->signature_algorithms.count, ch->cert_compression_algos.list,
                                            ch->cert_compression_algos.count, ch->server_certificate_types.list,
-                                           ch->server_certificate_types.count, 0)) != 0)
+                                           ch->server_certificate_types.count, ch->cipher_suites, 0)) != 0)
             goto Exit;
         if (!certificate_type_exists(ch->server_certificate_types.list, ch->server_certificate_types.count,
                                      tls->ctx->use_raw_public_keys ? PTLS_CERTIFICATE_TYPE_RAW_PUBLIC_KEY