[erlang-questions] Using SNI with cowboy:start_tls/3

Ingela Andin ingela.andin@REDACTED
Wed Jan 30 18:18:34 CET 2019


Actually the easiest way to handle the new options based on the SNI extension
nowadays is to use the handshake_continue functionality. I do not know if
that works with cowboy.

Regards Ingela

On Wednesday 30 January 2019, Igor Clark <igor.clark@REDACTED> wrote:

> Thank you both. I’ll see if I can try getting under the hood with just ssl.
>
> A bit surprised this hasn’t come up more often - I imagined people would
> want to host multiple names using cowboy pretty frequently! Not so, it
> seems?
>
> If I get anywhere with it I’ll post back.
>
> Thanks again,
> Igor
>
> On 30 Jan 2019, at 11:32, Ingela Andin <ingela.andin@REDACTED> wrote:
>
> Hi!
> Your example looks correct.
>
> Here is another one
>
> {sni_hosts,
>  [{"a.server", [{certfile, "a_cert.pem"},
>                 {keyfile, "a_key.pem"}
>                ]},
>   {"b.server", [{certfile, "b_cert.pem"},
>                 {keyfile, "b_key.pem"}
>                ]}
>  ]}
>
> If you want to know if the problem is with cowboy or ssl, try calling the
> ssl API without cowboy.
>
> Regards Ingela
>
>
> On Wed 30 Jan 2019 at 00:26, Loïc Hoguin <essen@REDACTED> wrote:
>
>> Hey,
>>
>> As far as Ranch is concerned, the options are given directly to the ssl
>> application. What Ranch does is tweak some default values (unrelated to
>> ssl), remove some options like active or packet (same), and pass them
>> forward. The types in the docs are there merely for documentation
>> purposes.
>>
>> Afraid that's all the help I have.
>>
>> Cheers,
>>
>> On 28/01/2019 09:45, Igor Clark wrote:
>> > Hi there,
>> >
>> > Does anyone have any examples of how to use sni_hosts correctly in
>> > TransportOpts in cowboy:start_tls/3?
>> >
>> > I want to use different certs for respective different hostnames, and I'm
>> > having trouble deciphering the docs as the definition seems spread
>> > across cowboy, ranch and erlang:ssl. From what I can tell the underlying
>> > erlang:ssl wants this:
>> >
>> > { sni_hosts, [ { hostname(), [ ssl_option() ] } ] }
>> >
>> > which seems like it should work like e.g.
>> >
>> > { sni_hosts, [ { "hostname1", [ { certfile, Certfile1 }, { keyfile,
>> > Keyfile1 }, { cacertfile, CaCertFile1 } ] } ] }
>> >
>> > but when I add that directly to the TransportOpts in cowboy:start_tls/3
>> > alongside { port, Port } etc I just get bad_return. There are other
>> > options that seem relevant e.g. server_name_indication but I'm finding
>> > it tricky to piece it all together to make the right shape of
>> > TransportOpts - I'm not clear whether the ssl_opts listed under the
>> > ranch_ssl module docs
>> > <https://ninenines.eu/docs/en/ranch/1.2/manual/ranch_ssl/> are simply
>> > passed through from erlang:ssl <http://erlang.org/doc/man/ssl.html> or
>> > whether they're a ranch-specific subset, and either way how to structure
>> > the proplist to configure Cowboy to serve multiple TLS names.
>> >
>> > Would very much appreciate any tips or examples!
>> >
>> > Thanks,
>> > Igor
>> >
>> > _______________________________________________
>> > erlang-questions mailing list
>> > erlang-questions@REDACTED
>> > http://erlang.org/mailman/listinfo/erlang-questions
>> >
>>
>> --
>> Loïc Hoguin
>> https://ninenines.eu
>>
>
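
An added example, not part of the original thread and not cowboy, ranch or OTP code: one way to try the two suggestions above together, calling the ssl API without cowboy and using handshake_continue to pick options from the SNI name. It assumes OTP 21 or later; the module name, port argument, host names and PEM file names are assumptions, and refusing clients that send no SNI or an unlisted name is a policy choice made here.

```erlang
%% Added example: per-host TLS options chosen from the client's SNI,
%% using the ssl API directly (OTP 21+). Names and paths are assumptions.
-module(sni_check).
-export([start/1]).

%% Constructed host table: SNI name -> ssl options for that name.
hosts() ->
    #{"a.server" => [{certfile, "a_cert.pem"}, {keyfile, "a_key.pem"}],
      "b.server" => [{certfile, "b_cert.pem"}, {keyfile, "b_key.pem"}]}.

start(Port) ->
    {ok, _} = application:ensure_all_started(ssl),
    %% {handshake, hello} pauses the handshake after the ClientHello.
    {ok, Listen} = ssl:listen(Port, [{reuseaddr, true}, {active, false},
                                     {handshake, hello}]),
    accept_loop(Listen).

accept_loop(Listen) ->
    {ok, Transport} = ssl:transport_accept(Listen),
    case ssl:handshake(Transport, 5000) of
        {ok, HsSocket, Ext} ->
            %% Ext is a map of hello extensions; sni may be undefined.
            continue(HsSocket, maps:get(sni, Ext, undefined));
        {error, Reason} ->
            io:format("client hello failed: ~p~n", [Reason])
    end,
    accept_loop(Listen).

continue(HsSocket, Sni) ->
    case maps:find(Sni, hosts()) of
        {ok, HostOpts} ->
            case ssl:handshake_continue(HsSocket, HostOpts, 5000) of
                {ok, Socket} ->
                    io:format("handshake ok for ~p~n", [Sni]),
                    ssl:close(Socket);
                {error, Reason} ->
                    io:format("handshake for ~p failed: ~p~n", [Sni, Reason])
            end;
        error ->
            %% No SNI or an unlisted name: refuse rather than serve
            %% some default certificate.
            io:format("rejecting sni=~p~n", [Sni]),
            ssl:handshake_cancel(HsSocket)
    end.
```

With the listener running, `openssl s_client -connect localhost:PORT -servername a.server` shows which certificate is presented for each name.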