Expand description
Minimal, defensive TLS ClientHello SNI parser.
This is used by the HTTPS ingress to peek at the SNI host name in a
ClientHello before terminating TLS, so an unmanaged SNI can be
TCP-spliced straight to its real upstream instead of hanging the client
when no matching certificate exists.
The parser is deliberately tiny and never panics: every multi-byte read is
bounds-checked and any malformed / truncated input yields None.
Functionsยง
- parse_
sni - Extract the first
server_name(SNI) host from a raw TLSClientHello.