The diff it looks like a safe change, but I think we should move the domain_name from ssl_array_data to ssl_data_t, like it was in 8.6. keep other fields in ssl_array_data only move the domain_name out. The issues I see with keeping have 2 copies of domain name

 1 we need to sync them somehow

 2 we will forget why there is a second domain name   structure and it will cause more confusion

 3 it also takes double the memory.

As long as there are no complicated dependencies, which there should not be based on the diff for svn revision 24306 in rel_apv_10_7_3. We can discuss more if needed.

here we check for ssl_array_data to be present, this is not the case anymore. we shuold check for domain_name not being empty. Also should we add the comment saying that it used to be in ssl_array_data and since we do not reset the domain name after handshake is finished we can still check for data to make sure we did not break earlier functionality.

please add comment here, just mention something like we copy sni from the client i.e. vs_sslp to be send to the real server
Also should we check if the vs_sslp->domain_name is empty before copying it over. It probably does not matter but does not make sense to copy if it's empty

Need to make sure it's bzeroed.I did not see the code where this field is initialised. If the whole ssl_data is bzero please point out where. When this was part of ssl_array_data the whole array_data was malloced and initialized.
some places to concider rhost restart, renegotiation etc.

I recommend looking for ssl_array_data being initialized and see which ones domain_name should be reset. we can call if more clarification is needed

Ship It!

Ship It!