[erlang-questions] Using SNI with cowboy:start_tls/3

Igor Clark igor.clark@REDACTED
Mon Jan 28 09:45:30 CET 2019

Hi there,

Does anyone have any examples of how to use sni_hosts correctly in TransportOpts in cowboy:start_tls/3?

I want to use different certs for respective different hostnames, and I'm having trouble deciphering the docs as the definition seems spread across cowboy, ranch and erlang:ssl. From what I can tell the underlying erlang:ssl wants this:

{ sni_hosts, [ { hostname(), [ ssl_option() ] } ] } 

which seems like it should work like e.g.

{ sni_hosts, [ { "hostname1", [ { certfile, Certfile1 }, { keyfile, Keyfile1 }, { cacertfile, CaCertFile1 } ] } ] }

but when I add that directly to the TransportOpts in cowboy:start_tls/3 alongside { port, Port } etc I just get bad_return. There are other options that seem relevant e.g. server_name_indication but I'm finding it tricky to piece it all together to make the right shape of TransportOpts - I'm not clear whether the ssl_opts listed under the ranch_ssl module docs <https://ninenines.eu/docs/en/ranch/1.2/manual/ranch_ssl/> are simply passed through from erlang:ssl <http://erlang.org/doc/man/ssl.html> or whether they're a ranch-specific subset, and either way how to structure the proplist to configure Cowboy to serve multiple TLS names.

Would very much appreciate any tips or examples!
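
An added example of a listener built around the sni_hosts shape quoted in the message above; it is not code from the original post or from the Cowboy or Ranch projects. It assumes Cowboy 2.x on a Ranch release whose ranch_ssl accepts sni_hosts and hands it to ssl, and the module name, hostnames, directory layout and port are constructed placeholders.

```erlang
-module(sni_listener_example).
-export([start/0, transport_opts/2]).

%% Constructed sample values: hostnames, directory layout and port are
%% placeholders for this example only.
-define(CERT_ROOT, "/etc/tls").
-define(HOSTS, ["hostname1.example", "hostname2.example"]).

%% Start an HTTPS listener that selects a certificate by SNI name.
%% The empty route list means every request gets a 404; add real routes.
start() ->
    Dispatch = cowboy_router:compile([{'_', []}]),
    cowboy:start_tls(sni_example, transport_opts(?CERT_ROOT, ?HOSTS),
        #{env => #{dispatch => Dispatch}}).

%% Build the TransportOpts proplist. The top-level cert options are the
%% fallback used when the client sends no SNI name or an unlisted one;
%% a matching sni_hosts entry overrides them for that handshake.
%% sni_hosts and sni_fun are mutually exclusive in ssl, so set only one.
transport_opts(Root, Hosts) ->
    [{port, 8443}
     | cert_opts(Root, "default")
       ++ [{sni_hosts, [{Host, cert_opts(Root, Host)} || Host <- Hosts]}]].

%% ssl's hostname() is a string (character list), not a binary, so the
%% same string is used as both the SNI name and the directory name.
cert_opts(Root, Name) ->
    Dir = filename:join(Root, Name),
    Opts = [{certfile, filename:join(Dir, "cert.pem")},
            {keyfile, filename:join(Dir, "key.pem")},
            {cacertfile, filename:join(Dir, "chain.pem")}],
    %% Fail early with a readable error instead of at listener start.
    lists:foreach(fun({_, Path}) -> check_exists(Path) end, Opts),
    Opts.

check_exists(Path) ->
    case file:read_file_info(Path) of
        {ok, _} -> ok;
        {error, Reason} -> erlang:error({missing_tls_file, Path, Reason})
    end.
```

To confirm which certificate is served for a given name, connect with `openssl s_client -connect localhost:8443 -servername hostname1.example` and compare the subject with the one returned when `-servername` is omitted.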
