Hi,<br><br>Here is an implementation of SSL SNI extension: RFC6066 Section 3.<br>- <a href="http://tools.ietf.org/html/rfc6066#section-3" target="_blank">http://tools.ietf.org/html/rfc6066#section-3</a><br>- <a href="https://en.wikipedia.org/wiki/Server_Name_Indication" target="_blank">https://en.wikipedia.org/wiki/Server_Name_Indication</a><br>
<br>It's kind of VirtualHosts for SSL: One SSL server with one IP/PORT couple can present different SSL parameters.<br><br>To fetch:<br>git fetch git://github.com/klyr/otp.git ssl_sni<br>
<br>Review at:<br><a href="https://github.com/klyr/otp/compare/erlang:master...ssl_sni" target="_blank">https://github.com/klyr/otp/compare/erlang:master...ssl_sni</a><br>
<a href="https://github.com/klyr/otp/compare/erlang:master...ssl_sni.patch" target="_blank">https://github.com/klyr/otp/compare/erlang:master...ssl_sni.patch</a><br>
<br>Feel free to comment/criticize the code and the API modification choices:<br>- ssl:sni_hostname(Socket): to get the hostname selected by the server or undefined if not found or not specified by the client,<br>
- a new sni_hosts server parameter to specify per-host configuration.<br><br>Basic usage example:<br><br>Opts = [<br> {certfile, "default.pem"}, {keyfile, "default.key"}, {verify, verify_none}, % Default parameters<br>
{sni_hosts, [<br> {"<a href="http://vhost1.example.com" target="_blank">vhost1.example.com</a>", [{certfile, "vhost1.pem"}, {keyfile, "vhost1.key"}]},<br> {"<a href="http://vhost2.example.org" target="_blank">vhost2.example.org</a>", [{verify, verify_peer}]}<br>
]}<br>],<br><br>{ok, ListenSocket} = ssl:listen(9999, Opts),<br>{ok, S} = ssl:transport_accept(ListenSocket),<br>ok = ssl:ssl_accept(S),<br>SelectedHost = ssl:sni_hostname(S),<br>io:format("Selected Vhost: ~s~n", [SelectedHost]).<br>
<br>Best regards,<br><br>-- <br>Julien Barbot<br><br>
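Added example, not part of the original message or of the patch: a sketch of how the options in the usage example resolve per client, showing which names end up on the default verify_none settings. It assumes per-host entries override the defaults key by key and that host names are compared case-insensitively; the module sni_opts_example and its functions are hypothetical.

```erlang
-module(sni_opts_example).
-export([effective_opts/2, demo/0]).

%% Hypothetical helper: options assumed to apply for the name the client
%% sent in its SNI extension (undefined when the client sent none).
effective_opts(ServerName, Opts) ->
    Defaults = proplists:delete(sni_hosts, Opts),
    Hosts = proplists:get_value(sni_hosts, Opts, []),
    case lookup(ServerName, Hosts) of
        {ok, HostOpts} ->
            %% Assumption: each per-host option replaces the default
            %% with the same key; all other defaults are kept.
            lists:foldl(fun({Key, _} = Opt, Acc) ->
                                lists:keystore(Key, 1, Acc, Opt)
                        end, Defaults, HostOpts);
        none ->
            Defaults
    end.

%% No SNI from the client: only the defaults can apply.
lookup(undefined, _Hosts) ->
    none;
%% SNI host names are DNS names, so compare them case-insensitively.
lookup(ServerName, Hosts) ->
    Wanted = string:to_lower(ServerName),
    case [O || {H, O} <- Hosts, string:to_lower(H) =:= Wanted] of
        [HostOpts | _] -> {ok, HostOpts};
        [] -> none
    end.

%% Constructed sample input: the option list from the usage example.
demo() ->
    Opts = [{certfile, "default.pem"}, {keyfile, "default.key"},
            {verify, verify_none},
            {sni_hosts,
             [{"vhost1.example.com",
               [{certfile, "vhost1.pem"}, {keyfile, "vhost1.key"}]},
              {"vhost2.example.org", [{verify, verify_peer}]}]}],
    [{Name, effective_opts(Name, Opts)}
     || Name <- ["vhost1.example.com", "VHOST2.example.org",
                 "unknown.example.net", undefined]].
```

Under these assumptions a client that sends no SNI or an unlisted name is served with the default certificate and verify_none, so a server that relies on the verify_peer of vhost2.example.org should check the result of ssl:sni_hostname/1 before treating the connection as that host.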