@jasmine-nahrain jasmine-nahrain commented Jan 8, 2026

Problem
OpenSSL provides SSL_client_hello_get0_ext(), SSL_client_hello_get0_ciphers() and SSL_client_hello_get1_extensions_present() to get client hello from an SSL object. BoringSSL doesn't have comparable functions. It requires the SSL_CLIENT_HELLO object via SSL_early_callback_ctx_extension_get(). Currently, there's no way to get the SSL_CLIENT_HELLO object in plugins, which causes friction when writing SSL-related plugins that need to work with both libraries.

Proposed Solution:

TSClientHello TSVConnClientHelloGet(TSVConn sslp);

This API provides access to the SSL_CLIENT_HELLO object within plugins and is usable during SSL hooks (TS_SSL_CLIENT_HELLO_HOOK, TS_SSL_SERVERNAME_HOOK).

Use Case: This enables plugins to access ClientHello data (cipher suites, extensions, SNI, ALPN, supported TLS versions) when using BoringSSL. Currently, the ja4_fingerprint plugin only works for OpenSSL; this change allows us to add BoringSSL support.

Implementation Notes:

  • The SSL_CLIENT_HELLO is captured during the client hello callback and stored in TLSSNISupport
  • The data is valid during SSL handshake hooks
  • For OpenSSL, plugins can continue using the existing TSSslConnectionGet() approach

This is a non-breaking addition. Existing OpenSSL-based plugins continue to work unchanged.

@jasmine-nahrain jasmine-nahrain self-assigned this Jan 8, 2026
@masaori335 masaori335 added the ja4_fingerprint Work related to JA4 fingerprinting label Jan 8, 2026
@masaori335 masaori335 added this to the 10.2.0 milestone Jan 8, 2026
@bryancall bryancall requested a review from bneradt January 12, 2026 22:55
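
Added example, not code from this pull request or from Traffic Server: a library-independent sketch of the per-extension lookup that SSL_client_hello_get0_ext() and SSL_early_callback_ctx_extension_get() provide, applied to reading the SNI host name with bounds checks on every length field. The names find_extension, sni_hostname and SAMPLE_EXTS are hypothetical, and the input is assumed to be the ClientHello extensions block without its outer two-byte length prefix.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: supported_versions (0x002b), then server_name (0x0000). */
static const uint8_t SAMPLE_EXTS[] = {
    0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 0x04,
    0x00, 0x00, 0x00, 0x11, 0x00, 0x0f, 0x00, 0x00, 0x0c,
    'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 't', 'e', 's', 't' };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walk (type:2, length:2, data) records; 1 if found, 0 if absent or malformed. */
int find_extension(const uint8_t *exts, size_t len, uint16_t type,
                   const uint8_t **out, size_t *out_len) {
    size_t off = 0;
    while (len - off >= 4) {
        uint16_t t = rd16(exts + off);
        size_t n = rd16(exts + off + 2);
        off += 4;
        if (n > len - off) return 0;          /* truncated extension body */
        if (t == type) { *out = exts + off; *out_len = n; return 1; }
        off += n;
    }
    return 0;
}

/* Copy the first host_name entry (name_type 0) into buf; length or -1. */
int sni_hostname(const uint8_t *exts, size_t len, char *buf, size_t buf_len) {
    const uint8_t *d;
    size_t n, list, off = 0;
    if (!find_extension(exts, len, 0x0000, &d, &n) || n < 2) return -1;
    list = rd16(d);
    if (list != n - 2) return -1;             /* inner list length must match */
    d += 2;
    while (list - off >= 3) {
        size_t name_len = rd16(d + off + 1);
        uint8_t name_type = d[off];
        off += 3;
        if (name_len > list - off) return -1; /* truncated name entry */
        if (name_type == 0) {
            if (name_len == 0 || name_len >= buf_len) return -1;
            memcpy(buf, d + off, name_len);
            buf[name_len] = '\0';             /* fits: name_len < buf_len */
            return (int)name_len;
        }
        off += name_len;
    }
    return -1;
}
```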