Add a sni() method with a default implementation to QuicCryptoStream. Note: The new method is expected to be used by Envoy but not yet. PiperOrigin-RevId: 915442406
diff --git a/quiche/quic/core/quic_crypto_stream.cc b/quiche/quic/core/quic_crypto_stream.cc
index ffb27da..721da56 100644
--- a/quiche/quic/core/quic_crypto_stream.cc
+++ b/quiche/quic/core/quic_crypto_stream.cc
@@ -12,6 +12,8 @@
 #include "absl/strings/str_cat.h"
 #include "absl/strings/string_view.h"
+#include "openssl/base.h"
+#include "openssl/ssl.h"
 #include "quiche/quic/core/crypto/crypto_handshake.h"
 #include "quiche/quic/core/frames/quic_crypto_frame.h"
 #include "quiche/quic/core/quic_connection.h"
@@ -613,5 +615,20 @@
 QUICHE_CODE_COUNT(quic_crypto_stream_reset_crypto_substreams);
 }
+absl::string_view QuicCryptoStream::sni() const {
+ if (!VersionIsIetfQuic(session()->transport_version())) {
+ return {};
+ }
+ const SSL* ssl = GetSsl();
+ if (ssl == nullptr) {
+ return {};
+ }
+ const char* sni = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
+ if (sni != nullptr) {
+ return sni;
+ }
+ return {};
+}
+
 #undef ENDPOINT // undef for jumbo builds
 } // namespace quic
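Review bot: The view returned by `return sni;` in `QuicCryptoStream::sni()` points at the string `SSL_get_servername()` hands back, which is storage this function does not own, and the `GetSsl()` comment updated in the quic_crypto_stream.h hunk says the SSL object may be gone after the handshake completes. A caller that keeps the `absl::string_view` past that point would read freed memory, assuming the name lives inside the SSL object as it appears to. I would state the lifetime above the definition, `// The returned view borrows from the SSL object; copy it before the handshake state can be released.`, and repeat it at the declaration in the header. The same nullptr case also makes sni() return an empty view after the handshake, so a late caller cannot tell "no SNI sent" from "SSL already released".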
diff --git a/quiche/quic/core/quic_crypto_stream.h b/quiche/quic/core/quic_crypto_stream.h
index 6afd415..b76be3f 100644
--- a/quiche/quic/core/quic_crypto_stream.h
+++ b/quiche/quic/core/quic_crypto_stream.h
@@ -174,9 +174,11 @@ // Return the SSL struct object created by BoringSSL if the stream is using // TLS1.3. Otherwise, return nullptr. - // This method is used in Envoy. + // Note this method may return a nullptr after the TLS handshake is completed. virtual SSL* GetSsl() const = 0; + virtual absl::string_view sni() const; + // Called to cancel retransmission of unencrypted crypto stream data. void NeuterUnencryptedStreamData();
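Review bot: `virtual absl::string_view sni() const;` is added with no comment, so an overrider or caller has no stated contract for it. The default implementation in quic_crypto_stream.cc returns an empty view for three different reasons (non-IETF version, null `GetSsl()`, no server name), and that should be documented here. On the server side the name is whatever the client put in its ClientHello, so I would also say it is unauthenticated, for example `// Returns the TLS SNI host name, or an empty view if unavailable. Peer-supplied on servers: validate before using it for routing or access decisions.` The enclosing class starts and ends outside the hunk.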