call it the way it was called, move to a location that makes more sense
diff --git a/include/picotls.h b/include/picotls.h
index dc4cd76..0a42d52 100644
--- a/include/picotls.h
+++ b/include/picotls.h
@@ -607,6 +607,10 @@
*/
ptls_iovec_t raw_message;
/**
+ * points to the cipher-suites section of the raw_message (see above)
+ */
+ ptls_iovec_t cipher_suites;
+ /**
*
*/
struct {
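Review bot: The comment on the new `cipher_suites` field does not tell a callback author what they can rely on: whether the slice includes the two-byte length prefix, that it aliases `raw_message` rather than being a copy, and that its bytes come straight from the peer. I would extend it along the lines of `* cipher_suites vector of the ClientHello as sent by the peer; a view into raw_message (not a copy)`, and state the length-prefix and validation status explicitly after checking the decoder, which is not visible here. Callbacks that walk the list as 16-bit IDs then know whether they must reject an odd or zero length themselves. Renaming the field from `raw_client_ciphers` also breaks any application source that used the old name, which deserves a changelog line if that name was ever released.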
@@ -626,10 +630,6 @@
size_t count;
} server_certificate_types;
/**
- * points to the cipher-suites section of the raw_message (see above)
- */
- ptls_iovec_t raw_client_ciphers;
- /**
* set to 1 if ClientHello is too old (or too new) to be handled by picotls
*/
unsigned incompatible_version : 1;
diff --git a/lib/picotls.c b/lib/picotls.c
index e1d0dfd..29d737f 100644
--- a/lib/picotls.c
+++ b/lib/picotls.c
@@ -3907,22 +3907,22 @@
/* Wrapper function for invoking the on_client_hello callback, taking an exhaustive list of parameters as arguments. The intention
* is to not miss setting them as we add new parameters to the struct. */
-static inline int call_on_client_hello_cb(ptls_t *tls, ptls_iovec_t server_name, ptls_iovec_t raw_message, ptls_iovec_t *alpns,
- size_t num_alpns, const uint16_t *sig_algos, size_t num_sig_algos,
- const uint16_t *cert_comp_algos, size_t num_cert_comp_algos,
- const uint8_t *server_cert_types, size_t num_server_cert_types,
- ptls_iovec_t raw_cipher_suites, int incompatible_version)
+static inline int call_on_client_hello_cb(ptls_t *tls, ptls_iovec_t server_name, ptls_iovec_t raw_message,
+ ptls_iovec_t cipher_suites, ptls_iovec_t *alpns, size_t num_alpns,
+ const uint16_t *sig_algos, size_t num_sig_algos, const uint16_t *cert_comp_algos,
+ size_t num_cert_comp_algos, const uint8_t *server_cert_types,
+ size_t num_server_cert_types, int incompatible_version)
{
if (tls->ctx->on_client_hello == NULL)
return 0;
ptls_on_client_hello_parameters_t params = {server_name,
raw_message,
+ cipher_suites,
{alpns, num_alpns},
{sig_algos, num_sig_algos},
{cert_comp_algos, num_cert_comp_algos},
{server_cert_types, num_server_cert_types},
- raw_cipher_suites,
incompatible_version};
return tls->ctx->on_client_hello->cb(tls->ctx->on_client_hello, tls, ¶ms);
}
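Review bot: The positional initializer of `params` now carries three adjacent `ptls_iovec_t` values (`server_name`, `raw_message`, `cipher_suites`), so a future reorder of the struct or of this list compiles cleanly and hands the callback the wrong buffer. Designators on at least those entries would make the compiler enforce the pairing: `ptls_on_client_hello_parameters_t params = {.server_name = server_name, .raw_message = raw_message, .cipher_suites = cipher_suites,` with the remaining entries left as they are (this assumes the first member is named `server_name`, which the page does not show). The same fragility applies to the two call sites in the later hunks (`@@ -3945` and `@@ -4315`), where `ch->cipher_suites` moved inside a long run of positional arguments; the iovec parameters are type-identical, so a swap there would not be diagnosed either.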
@@ -3945,8 +3945,8 @@
/* fail with PROTOCOL_VERSION alert, after providing the applications the raw CH and SNI to help them fallback */
if (!is_second_flight) {
int ret;
- if ((ret = call_on_client_hello_cb(tls_cbarg, ch->server_name, raw_message, ch->alpn.list, ch->alpn.count, NULL, 0,
- NULL, 0, NULL, 0, ch->cipher_suites, 1)) != 0)
+ if ((ret = call_on_client_hello_cb(tls_cbarg, ch->server_name, raw_message, ch->cipher_suites, ch->alpn.list,
+ ch->alpn.count, NULL, 0, NULL, 0, NULL, 0, 1)) != 0)
return ret;
}
return PTLS_ALERT_PROTOCOL_VERSION;
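Review bot: The comment above this call still says the application is given "the raw CH and SNI", but the call also passes the ALPN list and now `ch->cipher_suites` as the fourth argument. Suggest `/* fail with PROTOCOL_VERSION alert, after providing the applications the raw CH, SNI, ALPN and cipher-suites to help them fallback */`. Because this branch runs for a ClientHello that is about to be rejected, it is worth confirming that `ch->cipher_suites` is always populated (or zeroed) by the time it is reached; the decoding code and the rest of the enclosing function are outside the hunk.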
@@ -4315,10 +4315,10 @@
ptls_iovec_t server_name = {NULL};
if (ch->server_name.base != NULL)
server_name = ch->server_name;
- if ((ret = call_on_client_hello_cb(tls, server_name, message, ch->alpn.list, ch->alpn.count, ch->signature_algorithms.list,
- ch->signature_algorithms.count, ch->cert_compression_algos.list,
- ch->cert_compression_algos.count, ch->server_certificate_types.list,
- ch->server_certificate_types.count, ch->cipher_suites, 0)) != 0)
+ if ((ret = call_on_client_hello_cb(tls, server_name, message, ch->cipher_suites, ch->alpn.list, ch->alpn.count,
+ ch->signature_algorithms.list, ch->signature_algorithms.count,
+ ch->cert_compression_algos.list, ch->cert_compression_algos.count,
+ ch->server_certificate_types.list, ch->server_certificate_types.count, 0)) != 0)
goto Exit;
if (!certificate_type_exists(ch->server_certificate_types.list, ch->server_certificate_types.count,
tls->ctx->use_raw_public_keys ? PTLS_CERTIFICATE_TYPE_RAW_PUBLIC_KEY