+ serialized.set_http_11(http_11);
+ serialized.set_close_after_response(close_after_response);
+
+ if (tls_context != nullptr) {
+ bool small_version = false;
+ int required_size = tls_export_context(tls_context, nullptr, 0, small_version);
+ if (required_size <= 0) {
+ // Can happen if we're in the middle of the key exchange, unfortunately.
+ // We'll get an error fairly fast, and this client hasn't started playing
+ // anything yet, so just log the error and continue.
+ //
+ // In theory, we could still rescue it if we had sent _zero_ bytes,
+ // by doing an entirely new TLS context, but it's an edge case
+ // that's not really worth it.
+ log(WARNING, "tls_export_context() failed (returned %d), TLS client might not survive across restart",
+ required_size);
+ } else {
+ string *serialized_context = serialized.mutable_tls_context();
+ serialized_context->resize(required_size);
+
+ int ret = tls_export_context(tls_context,
+ reinterpret_cast<unsigned char *>(&(*serialized_context)[0]),
+ serialized_context->size(),
+ small_version);
+ assert(ret == required_size);
+
+ // tls_export_context() has exported the contents of the write buffer, but it doesn't
+ // know how much of that we've consumed, so we need to figure that out by ourselves.
+ // In a sense, it's unlikely that this will ever be relevant, though, since TLSe can't
+ // currently serialize in-progress key exchanges.
+ unsigned base_tls_data_left_to_send;
+ const unsigned char *base_tls_data_to_send = tls_get_write_buffer(tls_context, &base_tls_data_left_to_send);
+ if (base_tls_data_to_send == nullptr) {
+ assert(tls_data_to_send == nullptr);
+ } else {
+ assert(tls_data_to_send + tls_data_left_to_send == base_tls_data_to_send + base_tls_data_left_to_send);
+ }
+ serialized.set_tls_output_bytes_already_consumed(tls_data_to_send - base_tls_data_to_send);
+ serialized.set_in_ktls_mode(in_ktls_mode);
+ }
+ }
+
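Review bot: The only checks on the second tls_export_context() call and on the write-buffer pointers are `assert`s (`assert(ret == required_size)` and the two pointer asserts before `set_tls_output_bytes_already_consumed`), which disappear when the build defines NDEBUG. In such a build a failed or short export would leave a partially filled TLS context in `serialized`, and a pointer mismatch would store an offset that does not describe the exported buffer, so whatever deserializes this after the restart works from inconsistent TLS state. I would turn the first assert into a runtime check that ends in the same log-and-continue outcome as the `required_size <= 0` branch, as sketched below (`clear_tls_context()` assumes `serialized` is a protobuf message, which the `mutable_tls_context()` accessor suggests). The exported blob presumably carries the session's key material, so a comment stating that the serialized state must be kept private wherever it is written would also help. The enclosing function starts and ends outside the visible lines.

```cpp
// … unchanged: resize of serialized_context and second tls_export_context() call …
if (ret != required_size) {
	// Same end state as the required_size <= 0 branch: no TLS context is serialized.
	log(WARNING, "tls_export_context() returned %d, expected %d; not serializing TLS state",
	    ret, required_size);
	serialized.clear_tls_context();
} else {
	// … unchanged: write-buffer offset computation and set_in_ktls_mode() …
}
```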