[erlang-questions] Using SNI with cowboy:start_tls/3

Loïc Hoguin essen@REDACTED
Wed Jan 30 18:29:06 CET 2019


A patch might be needed. Igor, please open a ticket in Cowboy or Ranch 
if you think it's necessary once you've done some experimentation.

Cheers,

On 30/01/2019 18:18, Ingela Andin wrote:
>   Actually the easiest way to handle the new options based on sni 
> extension nowadays is to use the handshake_continue functionality. I do 
> not know if that works with cowboy.
> 
> Regards Ingela
> 
> On Wednesday, 30 January 2019, Igor Clark <igor.clark@REDACTED> wrote:
> 
>     Thank you both. I’ll see if I can try getting under the hood with
>     just ssl.
> 
>     A bit surprised this hasn’t come up more often - I imagined people
>     would want to host multiple names using cowboy pretty frequently!
>     Not so, it seems?
> 
>     If I get anywhere with it I’ll post back.
> 
>     Thanks again,
>     Igor
> 
>     On 30 Jan 2019, at 11:32, Ingela Andin <ingela.andin@REDACTED> wrote:
> 
>>     Hi!
>>     Your example looks correct.
>>
>>     Here is another one
>>
>>     {sni_hosts,
>>      [{"a.server", [{certfile, "a_cert.pem"},
>>                     {keyfile, "a_key.pem"}
>>                    ]},
>>       {"b.server", [{certfile, "b_cert.pem"},
>>                     {keyfile, "b_key.pem"}
>>                    ]}
>>      ]}
>>
>>     If you want to know if the problem is with cowboy or ssl, try
>>     calling the ssl API without cowboy.
>>
>>     Regards Ingela
>>
>>
>>     On Wed 30 Jan 2019 at 00:26, Loïc Hoguin <essen@REDACTED> wrote:
>>
>>         Hey,
>>
>>         As far as Ranch is concerned, the options are given directly to the
>>         ssl application. What Ranch does is tweak some default values
>>         (unrelated to ssl), remove some options like active or packet
>>         (same), and pass them forward. The types in the docs are there
>>         merely for documentation purposes.
>>
>>         Afraid that's all the help I have.
>>
>>         Cheers,
>>
>>         On 28/01/2019 09:45, Igor Clark wrote:
>>         > Hi there,
>>         >
>>         > Does anyone have any examples of how to use sni_hosts correctly in
>>         > TransportOpts in cowboy:start_tls/3?
>>         >
>>         > I want to use different certs for respective different hostnames, and I'm
>>         > having trouble deciphering the docs as the definition seems spread
>>         > across cowboy, ranch and erlang:ssl. From what I can tell the underlying
>>         > erlang:ssl wants this:
>>         >
>>         > { sni_hosts, [ { hostname(), [ ssl_option() ] } ] }
>>         >
>>         > which seems like it should work like e.g.
>>         >
>>         > { sni_hosts, [ { "hostname1", [ { certfile, Certfile1 }, { keyfile,
>>         > Keyfile1 }, { cacertfile, CaCertFile1 } ] } ] }
>>         >
>>         > but when I add that directly to the TransportOpts in cowboy:start_tls/3
>>         > alongside { port, Port } etc I just get bad_return. There are other
>>         > options that seem relevant e.g. server_name_indication but I'm finding
>>         > it tricky to piece it all together to make the right shape of
>>         > TransportOpts - I'm not clear whether the ssl_opts listed under the
>>         > ranch_ssl module docs
>>         > <https://ninenines.eu/docs/en/ranch/1.2/manual/ranch_ssl/> are simply
>>         > passed through from erlang:ssl <http://erlang.org/doc/man/ssl.html> or
>>         > whether they're a ranch-specific subset, and either way how to structure
>>         > the proplist to configure Cowboy to serve multiple TLS names.
>>         >
>>         > Would very much appreciate any tips or examples!
>>         >
>>         > Thanks,
>>         > Igor
>>         >
>>         > _______________________________________________
>>         > erlang-questions mailing list
>>         > erlang-questions@REDACTED
>>         > http://erlang.org/mailman/listinfo/erlang-questions
>>         >
>>
>>         -- 
>>         Loïc Hoguin
>>         https://ninenines.eu
>>

-- 
Loïc Hoguin
https://ninenines.eu
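
Added example, not part of the thread and not code from Cowboy, Ranch or OTP: a way to exercise both approaches discussed above against the ssl application alone, without cowboy. The module name sni_probe, the helper names and all certificate file names are hypothetical placeholders, and variant 2 assumes an ssl version that provides handshake_continue/3.

```erlang
-module(sni_probe).
-export([with_sni_hosts/1, with_hello_pause/1]).

%% Constructed per-host options in the shape shown in the thread;
%% all file names are placeholders.
hosts() ->
    [{"a.server", [{certfile, "a_cert.pem"}, {keyfile, "a_key.pem"}]},
     {"b.server", [{certfile, "b_cert.pem"}, {keyfile, "b_key.pem"}]}].

%% Fallback for clients that send no SNI or an unlisted name.
default() ->
    [{certfile, "default_cert.pem"}, {keyfile, "default_key.pem"}].

%% Variant 1: ssl itself selects the per-host options via sni_hosts.
with_sni_hosts(Port) ->
    accept_one(Port, [{sni_hosts, hosts()}],
               fun(T) -> ssl:handshake(T, 5000) end).

%% Variant 2: pause after the ClientHello, choose options, then continue.
with_hello_pause(Port) ->
    accept_one(Port, [{handshake, hello}], fun(T) ->
        case ssl:handshake(T, 5000) of
            {ok, Hs, Ext} ->
                Name = maps:get(sni, Ext, undefined),
                Opts = proplists:get_value(Name, hosts(), default()),
                ssl:handshake_continue(Hs, Opts, 5000);
            {error, _} = Error ->
                Error
        end
    end).

%% Accept a single TLS connection and report the SNI name it carried.
accept_one(Port, Extra, Handshake) ->
    {ok, _} = application:ensure_all_started(ssl),
    {ok, L} = ssl:listen(Port, Extra ++ default() ++
                               [{reuseaddr, true}, {active, false}]),
    {ok, T} = ssl:transport_accept(L),
    Result = case Handshake(T) of
        {ok, S} ->
            Info = ssl:connection_information(S, [sni_hostname]),
            ssl:close(S),
            Info;
        {error, Reason} ->
            {error, Reason}
    end,
    ssl:close(L),
    Result.
```

Connecting with `openssl s_client -connect localhost:PORT -servername a.server` and comparing the certificate the client receives against the expected one shows whether the per-host selection works before cowboy is involved.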


