MINOR: ssl: add 'ssl_npn' sample/acl to extract TLS/NPN information
This may be used to distinguish between SPDY versions for example.
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 208c432..119f440 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -8339,6 +8339,12 @@
that the SSL library is build with support for TLS extensions enabled (check
haproxy -vv).
+ssl_npn <string>
+ Returns true when the incoming connection was made over an SSL/TLS transport
+ layer which deciphered it and found a Next Protocol Negociation TLS extension
+ sent by the client, matching the specified string. This requires that the SSL
+ library is build with support for TLS extensions enabled (check haproxy -vv).
+
ssl_sni <string>
Returns true when the incoming connection was made over an SSL/TLS transport
layer which deciphered it and found a Server Name Indication TLS extension
@@ -8996,6 +9002,13 @@
otherwise zero. This requires that the SSL library is build with
support for TLS extensions enabled (check haproxy -vv).
+ ssl_npn This extracts the Next Protocol Negociation field from an
+ incoming connection made via an SSL/TLS transport layer and
+ locally deciphered by haproxy. The result is a string containing
+ the protocol name advertised by the client. The SSL library must
+ have been built with support for TLS extensions enabled (check
+ haproxy -vv).
+
ssl_sni This extracts the Server Name Indication field from an incoming
connection made via an SSL/TLS transport layer and locally
deciphered by haproxy. The result typically is a string matching