Skip to main content

Module sni_peek

Module sni_peek 

Source
Expand description

Minimal, defensive TLS ClientHello SNI parser.

This is used by the HTTPS ingress to peek at the SNI host name in a ClientHello before terminating TLS, so an unmanaged SNI can be TCP-spliced straight to its real upstream instead of hanging the client when no matching certificate exists.

The parser is deliberately tiny and never panics: every multi-byte read is bounds-checked and any malformed / truncated input yields None.

Functionsยง

parse_sni
Extract the first server_name (SNI) host from a raw TLS ClientHello.