Fix SNI header parsing

When a listener is configured to deal with TLS upstreams, we use the SNI field of the TLS ClientHello message to decide where to send the traffic. Therefore, a buffer of 1024 bytes was used to temporarily store this message. However, a TLS ClientHello message can be larger than that, up to 16K bytes. So now the first few bytes are read and manually parsed to find out how long the message is. And then the entire ClientHello message is retrieved. So hopefully that will fix the issue causing the ClientHello determination to fail. Closes #10 Signed-off-by: Jacob Kiers <code@kiers.eu>
2025-01-09 20:23:02 +01:00
parent aff46b6bfb
commit b7ec67ed07
3 changed files with 574 additions and 28 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ## [Unreleased]

+### Fixed
+
+* The ClientHello TLS header is now read in full before it is parsed, solving
+  an error where there was not enough data to fully read it. In those cases
+  it was not possible to determine the upstream address and therefore the proxy
+  would go the the default action instead.
+
 ### Changed

 * Updated some dependencies to prevent the build from breaking.