[erlang-questions] Using SNI with cowboy:start_tls/3
Igor Clark
igor.clark@REDACTED
Wed Jan 30 16:47:04 CET 2019
Thank you both. I’ll see if I can try getting under the hood with just ssl.
A bit surprised this hasn’t come up more often - I imagined people would want to host multiple names using cowboy pretty frequently! Not so, it seems?
If I get anywhere with it I’ll post back.
Thanks again,
Igor
> On 30 Jan 2019, at 11:32, Ingela Andin <ingela.andin@REDACTED> wrote:
>
> Hi!
> Your example looks correct.
>
> Here is another one
>
> {sni_hosts,
> [{"a.server", [{certfile, "a_cert.pem"},
> {keyfile, "a_key.pem"},
> {keyfile, "a_key.pem"}
> ]},
> {"b.server", [{certfile, "b_cert.pem"},
> {keyfile, "b_key.pem"},
> {keyfile, "b_key.pem"}
> ]}
> ]}
>
> If you want to know if the problem is with cowboy or ssl try calling ssl API without cowboy
>
> Regards Ingela
>
>
> Den ons 30 jan. 2019 kl 00:26 skrev Loïc Hoguin <essen@REDACTED>:
>> Hey,
>>
>> As far as Ranch is concerned, the options are given directly to the ssl
>> application. What Ranch does is tweak some default values (unrelated to
>> ssl), remove some options like active or packet (same), and pass them
>> forward. The types in the docs are there merely for documentation purposes.
>>
>> Afraid that's all the help I have.
>>
>> Cheers,
>>
>> On 28/01/2019 09:45, Igor Clark wrote:
>> > Hi there,
>> >
>> > Does anyone have any examples of how to use sni_hosts correctly in
>> > TransportOpts in cowboy:start_tls/3?
>> >
>> > I want to use different certs for respective different hostnames, and I'm
>> > having trouble deciphering the docs as the definition seems spread
>> > across cowboy, ranch and erlang:ssl. From what I can tell the underlying
>> > erlang:ssl wants this:
>> >
>> > { sni_hosts, [ { hostname(), [ ssl_option() ] } ] }
>> >
>> > which seems like it should work like e.g.
>> >
>> > { sni_hosts, [ { "hostname1", [ { certfile, Certfile1 }, { keyfile,
>> > Keyfile1 }, { cacertfile, CaCertFile1 } ] } ] }
>> >
>> > but when I add that directly to the TransportOpts in cowboy:start_tls/3
>> > alongside { port, Port } etc I just get bad_return. There are other
>> > options that seem relevant e.g. server_name_indication but I'm finding
>> > it tricky to piece it all together to make the right shape of
>> > TransportOpts - I'm not clear whether the ssl_opts listed under the
>> > ranch_ssl module docs
>> > <https://ninenines.eu/docs/en/ranch/1.2/manual/ranch_ssl/> are simply
>> > passed through from erlang:ssl <http://erlang.org/doc/man/ssl.html> or
>> > whether they're a ranch-specific subset, and either way how to structure
>> > the proplist to configure Cowboy to serve multiple TLS names.
>> >
>> > Would very much appreciate any tips or examples!
>> >
>> > Thanks,
>> > Igor
>> >
>> > _______________________________________________
>> > erlang-questions mailing list
>> > erlang-questions@REDACTED
>> > http://erlang.org/mailman/listinfo/erlang-questions
>> >
>>
>> --
>> Loïc Hoguin
>> https://ninenines.eu
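
One way to act on the suggestion above to call the ssl API without cowboy, as an added example that is not code from any poster in this thread: it listens with sni_hosts, connects once per host name with server_name_indication set, and reports which name the server saw and whether the served certificate matches the configured file. The module name sni_check and the default_cert.pem / default_key.pem files are assumptions; the other file names follow the example in the thread and must be supplied by you.

```erlang
-module(sni_check).
-export([run/0]).

%% Host names and file names follow the sni_hosts example in the thread;
%% the files themselves are placeholders you must supply.
hosts() ->
    [{"a.server", [{certfile, "a_cert.pem"}, {keyfile, "a_key.pem"}]},
     {"b.server", [{certfile, "b_cert.pem"}, {keyfile, "b_key.pem"}]}].

%% Returns [{Name, SniSeenByServer, ServedCertMatchesFile}], one per host.
run() ->
    {ok, _} = application:ensure_all_started(ssl),
    %% default_*.pem (assumed names) serve clients that send no SNI or an
    %% unlisted name; a matching sni_hosts entry overrides them.
    {ok, L} = ssl:listen(0, [{certfile, "default_cert.pem"},
                             {keyfile, "default_key.pem"},
                             {sni_hosts, hosts()},
                             {reuseaddr, true}, {active, false}]),
    {ok, {_Addr, Port}} = ssl:sockname(L),
    Res = [probe(L, Port, Name, proplists:get_value(certfile, Opts))
           || {Name, Opts} <- hosts()],
    ok = ssl:close(L),
    Res.

probe(L, Port, Name, CertFile) ->
    Parent = self(),
    Ref = make_ref(),
    spawn_link(fun() ->
        {ok, T} = ssl:transport_accept(L),
        {ok, S} = ssl:handshake(T),            % ssl:handshake/1 needs OTP 21+
        {ok, Info} = ssl:connection_information(S, [sni_hostname]),
        Parent ! {Ref, proplists:get_value(sni_hostname, Info)},
        _ = ssl:recv(S, 0, 5000),              % wait for the client to close
        ssl:close(S)
    end),
    %% verify_none: this checks certificate selection only, not trust.
    {ok, C} = ssl:connect({127,0,0,1}, Port,
                          [{server_name_indication, Name},
                           {verify, verify_none}, {active, false}], 5000),
    {ok, Der} = ssl:peercert(C),
    Sni = receive {Ref, V} -> V after 5000 -> timeout end,
    ok = ssl:close(C),
    {Name, Sni, Der =:= leaf_der(CertFile)}.

%% Assumes the server certificate is the first PEM entry in the file.
leaf_der(File) ->
    {ok, Pem} = file:read_file(File),
    [{'Certificate', Der, not_encrypted} | _] = public_key:pem_decode(Pem),
    Der.
```

If every tuple comes back with the expected name and true, the same option list can be passed as TransportOpts to cowboy:start_tls/3 and any remaining failure lies outside the ssl options.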