rate_limit: convert to using TSVConnSslSniGet (#8414)

(cherry picked from commit a62541f)

Author: randall

plugins/experimental/rate_limit/rate_limit.cc

@@ -25,9 +25,6 @@
 #include "txn_limiter.h"
 #include "utilities.h"
 
-// Needs special OpenSSL APIs as a global plugin for early CLIENT_HELLO inspection
-#if TS_USE_HELLO_CB
-
 #include "sni_selector.h"
 #include "sni_limiter.h"
 
@@ -84,8 +81,6 @@ TSPluginInit(int argc, const char *argv[])
   }
 }
 
-#endif
-
 ///////////////////////////////////////////////////////////////////////////////
 // Setup stuff for the remap plugin
 //

plugins/experimental/rate_limit/sni_limiter.cc

@@ -17,9 +17,6 @@
  */
 #include "tscore/ink_config.h"
 
-// Needs special OpenSSL APIs as a global plugin for early CLIENT_HELLO inspection
-#if TS_USE_HELLO_CB
-
 #include <unistd.h>
 #include <getopt.h>
 #include <cstdlib>
@@ -43,9 +40,9 @@ sni_limit_cont(TSCont contp, TSEvent event, void *edata)
 
   switch (event) {
   case TS_EVENT_SSL_CLIENT_HELLO: {
-    TSSslConnection ssl_conn  = TSVConnSslConnectionGet(vc);
-    SSL *ssl                  = reinterpret_cast<SSL *>(ssl_conn);
-    std::string_view sni_name = getSNI(ssl);
+    int len;
+    const char *server_name = TSVConnSslSniGet(vc, &len);
+    std::string_view sni_name(server_name, len);
 
     if (!sni_name.empty()) { // This should likely always succeed, but without it we can't do anything
       SniRateLimiter *limiter = selector->find(sni_name);
@@ -128,5 +125,3 @@ SniRateLimiter::initialize(int argc, const char *argv[])
 
   return true;
 }
-
-#endif

plugins/experimental/rate_limit/sni_selector.cc

@@ -17,9 +17,6 @@
  */
 #include "tscore/ink_config.h"
 
-// Needs special OpenSSL APIs as a global plugin for early CLIENT_HELLO inspection
-#if TS_USE_HELLO_CB
-
 #include <cstring>
 
 #include "sni_limiter.h"
@@ -136,5 +133,3 @@ SniSelector::setupQueueCont()
     _action = TSContScheduleEveryOnPool(_queue_cont, QUEUE_DELAY_TIME.count(), TS_THREAD_POOL_TASK);
   }
 }
-
-#endif

plugins/experimental/rate_limit/utilities.cc

@@ -21,47 +21,6 @@
 #include "ts/remap.h"
 #include "utilities.h"
 
-// Needs special OpenSSL APIs as a global plugin for early CLIENT_HELLO inspection
-#if TS_USE_HELLO_CB
-
-std::string_view
-getSNI(SSL *ssl)
-{
-  const char *servername = nullptr;
-  const unsigned char *p;
-  size_t remaining, len = 0;
-
-  // Parse the server name if the get extension call succeeds and there are more than 2 bytes to parse
-  if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &p, &remaining) && remaining > 2) {
-    // Parse to get to the name, originally from test/handshake_helper.c in openssl tree
-    /* Extract the length of the supplied list of names. */
-    len = *(p++) << 8;
-    len += *(p++);
-    if (len + 2 == remaining) {
-      remaining = len;
-      /*
-       * The list in practice only has a single element, so we only consider
-       * the first one.
-       */
-      if (*p++ == TLSEXT_NAMETYPE_host_name) {
-        remaining--;
-        /* Now we can finally pull out the byte array with the actual hostname. */
-        if (remaining > 2) {
-          len = *(p++) << 8;
-          len += *(p++);
-          if (len + 2 <= remaining) {
-            servername = reinterpret_cast<const char *>(p);
-          }
-        }
-      }
-    }
-  }
-
-  return std::string_view(servername, servername ? len : 0);
-}
-
-#endif
-
 ///////////////////////////////////////////////////////////////////////////////
 // Add a header with the delay imposed on this transaction. This can be used
 // for logging, and other types of metrics.

plugins/experimental/rate_limit/utilities.h

@@ -24,6 +24,5 @@
 
 constexpr char const PLUGIN_NAME[] = "rate_limit";
 
-std::string_view getSNI(SSL *ssl);
 void delayHeader(TSHttpTxn txnp, std::string &header, std::chrono::milliseconds delay);
 void retryAfter(TSHttpTxn txnp, unsigned retry);