expose unparsed list of ciphers instead
diff --git a/include/picotls.h b/include/picotls.h
index bb7db6c..dc4cd76 100644
--- a/include/picotls.h
+++ b/include/picotls.h
@@ -626,6 +626,10 @@
size_t count;
} server_certificate_types;
/**
+ * points to the cipher-suites section of the raw_message (see above)
+ */
+ ptls_iovec_t raw_client_ciphers;
+ /**
* set to 1 if ClientHello is too old (or too new) to be handled by picotls
*/
unsigned incompatible_version : 1;
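Review bot: The comment on `raw_client_ciphers` does not tell a callback author how long the pointer stays valid or what the bytes look like. Because the iovec points into `raw_message`, it is presumably borrowed and usable only for the duration of the callback, and its contents are whatever the peer sent. I would expand the comment to something like `cipher_suites vector as sent by the client (2-byte big-endian IDs), borrowed from raw_message and valid only during the callback; peer-controlled, so check len before iterating`. It should also state whether the 2-byte length prefix of the vector is included. The enclosing struct starts and ends outside this hunk.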
diff --git a/lib/picotls.c b/lib/picotls.c
index 05b4f77..abb17b6 100644
--- a/lib/picotls.c
+++ b/lib/picotls.c
@@ -3906,7 +3906,8 @@
static inline int call_on_client_hello_cb(ptls_t *tls, ptls_iovec_t server_name, ptls_iovec_t raw_message, ptls_iovec_t *alpns,
size_t num_alpns, const uint16_t *sig_algos, size_t num_sig_algos,
const uint16_t *cert_comp_algos, size_t num_cert_comp_algos,
- const uint8_t *server_cert_types, size_t num_server_cert_types, int incompatible_version)
+ const uint8_t *server_cert_types, size_t num_server_cert_types,
+ ptls_iovec_t raw_cipher_suites, int incompatible_version)
{
if (tls->ctx->on_client_hello == NULL)
return 0;
@@ -3917,6 +3918,7 @@
{sig_algos, num_sig_algos},
{cert_comp_algos, num_cert_comp_algos},
{server_cert_types, num_server_cert_types},
+ raw_cipher_suites,
incompatible_version};
return tls->ctx->on_client_hello->cb(tls->ctx->on_client_hello, tls, ¶ms);
}
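Review bot: The new `raw_cipher_suites,` entry is positional, so it is only correct while `raw_client_ciphers` sits directly before `incompatible_version` in the header. Adding another `ptls_iovec_t` field next to it later would still compile and silently shift the values. Designated initializers would make the coupling explicit, e.g. `.raw_client_ciphers = raw_cipher_suites,` and `.incompatible_version = incompatible_version`. The same value is also called `raw_client_ciphers`, `raw_cipher_suites` and `ch->cipher_suites` across this change; a single name would be easier to follow. The initializer begins outside this hunk.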
@@ -3940,7 +3942,7 @@
if (!is_second_flight) {
int ret;
if ((ret = call_on_client_hello_cb(tls_cbarg, ch->server_name, raw_message, ch->alpn.list, ch->alpn.count, NULL, 0,
- NULL, 0, NULL, 0, 1)) != 0)
+ NULL, 0, NULL, 0, ch->cipher_suites, 1)) != 0)
return ret;
}
return PTLS_ALERT_PROTOCOL_VERSION;
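Review bot: Nothing visible here or at the second call site (`ch->server_certificate_types.count, ch->cipher_suites, 0`) shows that `ch->cipher_suites` has been checked for a non-zero, even length before it reaches the application callback. On this path in particular the ClientHello is about to be rejected with `PTLS_ALERT_PROTOCOL_VERSION`, so the callback may receive bytes that never pass through cipher selection. If the decoder already enforces the length, a short comment at the call would settle it, e.g. `/* raw cipher_suites vector; length already validated by the decoder */`. Otherwise, either reject odd lengths before invoking the callback or document that the callback must tolerate them. The enclosing function starts and ends outside this hunk.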
@@ -4312,7 +4314,7 @@
if ((ret = call_on_client_hello_cb(tls, server_name, message, ch->alpn.list, ch->alpn.count, ch->signature_algorithms.list,
ch->signature_algorithms.count, ch->cert_compression_algos.list,
ch->cert_compression_algos.count, ch->server_certificate_types.list,
- ch->server_certificate_types.count, 0)) != 0)
+ ch->server_certificate_types.count, ch->cipher_suites, 0)) != 0)
goto Exit;
if (!certificate_type_exists(ch->server_certificate_types.list, ch->server_certificate_types.count,
tls->ctx->use_raw_public_keys ? PTLS_CERTIFICATE_TYPE_RAW_PUBLIC_KEY