[erlang-patches] Server Name Indication SSL extension

Julien Barbot klyr@REDACTED
Sat May 12 02:16:10 CEST 2012


Hi,

Here is an implementation of the SSL SNI extension (RFC 6066, Section 3):
- http://tools.ietf.org/html/rfc6066#section-3
- https://en.wikipedia.org/wiki/Server_Name_Indication

It's a kind of VirtualHosts for SSL: one SSL server on one IP/port pair
can present different SSL parameters.

To fetch:
git fetch git://github.com/klyr/otp.git ssl_sni

Review at:
https://github.com/klyr/otp/compare/erlang:master...ssl_sni
https://github.com/klyr/otp/compare/erlang:master...ssl_sni.patch

Feel free to comment/criticize the code and the API modification choices:
- ssl:sni_hostname(Socket): to get the hostname selected by the server or
undefined if not found or not specified by the client,
- a new sni_hosts server parameter to specify per-host configuration.

Basic usage example:

Opts = [
    {certfile, "default.pem"}, {keyfile, "default.key"},
    {verify, verify_none},                          % Default parameters
    {sni_hosts, [
        {"vhost1.example.com", [{certfile, "vhost1.pem"}, {keyfile, "vhost1.key"}]},
        {"vhost2.example.org", [{verify, verify_peer}]}
    ]}
],

{ok, ListenSocket} = ssl:listen(9999, Opts),
{ok, S} = ssl:transport_accept(ListenSocket),
ok = ssl:ssl_accept(S),
SelectedHost = ssl:sni_hostname(S),
io:format("Selected Vhost: ~s~n", [SelectedHost]).

Best regards,

-- 
Julien Barbot
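An added example, not part of Julien's patch, showing how a server built on the proposed sni_hosts option and ssl:sni_hostname/1 could dispatch per virtual host, including the case where the client sent no SNI and the default parameters were used, together with a client that sends SNI. The client option {server_name_indication, Host}, the module name sni_demo and the PEM file names are assumptions.

```erlang
%% Added example; assumes the sni_hosts / ssl:sni_hostname/1 API from the patch.
-module(sni_demo).
-export([server/0, client/1]).

server() ->
    ssl:start(),
    Opts = [{certfile, "default.pem"}, {keyfile, "default.key"},
            {verify, verify_none},                     % default parameters
            {sni_hosts, [
                {"vhost1.example.com",
                 [{certfile, "vhost1.pem"}, {keyfile, "vhost1.key"}]},
                {"vhost2.example.org", [{verify, verify_peer}]}
            ]}],
    {ok, ListenSocket} = ssl:listen(9999, Opts),
    accept_loop(ListenSocket).

accept_loop(ListenSocket) ->
    {ok, S} = ssl:transport_accept(ListenSocket),
    case ssl:ssl_accept(S) of
        ok ->
            handle(S);
        {error, Reason} ->
            %% handshake failed (e.g. verify_peer rejected the client cert)
            io:format("handshake failed: ~p~n", [Reason])
    end,
    accept_loop(ListenSocket).

handle(S) ->
    %% sni_hostname/1 returns undefined when the client sent no SNI,
    %% in which case the default certfile/keyfile/verify were used.
    Vhost = case ssl:sni_hostname(S) of
                undefined -> "default";
                Host      -> Host
            end,
    ok = ssl:send(S, io_lib:format("served-by: ~s~n", [Vhost])),
    ssl:close(S).

%% Client side: send the given hostname in the SNI extension and return
%% the server's reply. {server_name_indication, Host} is an assumed option.
client(Host) ->
    ssl:start(),
    {ok, S} = ssl:connect("127.0.0.1", 9999,
                          [{server_name_indication, Host}, {active, false}]),
    {ok, Data} = ssl:recv(S, 0),
    ssl:close(S),
    Data.
```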