rolkey / indyproject

Automatically exported from code.google.com/p/indyproject

Add support for TLS "Server Name Indication" (SNI) #289

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
http://en.wikipedia.org/wiki/Server_Name_Indication

Per http://stackoverflow.com/questions/5113333/how-to-implement-server-name-indicationsni-on-openssl-in-c-or-c:

On the client side, you use SSL_set_tlsext_host_name(ssl, servername) before initiating the SSL connection.

On the server side, it's a little more complicated:
• Set up an additional SSL_CTX() for each different certificate;
• Add a servername callback to each SSL_CTX() using SSL_CTX_set_tlsext_servername_callback();
• In the callback, retrieve the client-supplied servername with SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name). Figure out the right SSL_CTX to go with that host name, then switch the SSL object to that SSL_CTX with SSL_set_SSL_CTX().

Original issue reported on code.google.com by gambit47 on 7 May 2014 at 6:01
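
The client-side call and the three server-side steps described above, exercised in memory with Python's ssl module, which wraps the same OpenSSL calls. This is an added example, not code from the issue, the Stack Overflow answer or Indy; the host names are constructed, and the contexts carry no certificates so that it runs offline.

```python
import ssl

def make_server(vhost_names):
    """Default context plus one context per virtual host (step 1)."""
    default_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # In production each context would call load_cert_chain() with its own
    # certificate; omitted here (assumption) so the example needs no key files.
    vhosts = {name: ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) for name in vhost_names}
    seen = []  # names the callback received, kept for inspection

    def on_sni(ssl_obj, server_name, _initial_ctx):
        # Registered through SSL_CTX_set_tlsext_servername_callback() (step 2).
        # server_name is the SSL_get_servername() value, or None if absent.
        seen.append(server_name)
        ctx = vhosts.get((server_name or "").lower())
        if ctx is not None:
            ssl_obj.context = ctx  # equivalent of SSL_set_SSL_CTX() (step 3)
        return None  # unknown or missing name: continue on the default context

    default_ctx.sni_callback = on_sni
    return default_ctx, vhosts, seen

def client_hello(hostname):
    """Return the raw ClientHello a client sends for `hostname`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # server_hostname is what SSL_set_tlsext_host_name() sets in C.
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # the ClientHello is now queued in `outgoing`
    return outgoing.read()

def select_context(default_ctx, hello_bytes):
    """Feed a ClientHello to the server; return the context it ends up on."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = default_ctx.wrap_bio(incoming, outgoing, server_side=True)
    incoming.write(hello_bytes)
    try:
        conn.do_handshake()
    except ssl.SSLError:
        pass  # no certificates loaded, so the handshake stops after the callback
    return conn.context
```

A name that matches no virtual host stays on the default context here; returning ssl.ALERT_DESCRIPTION_UNRECOGNIZED_NAME from the callback rejects the handshake instead.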

GoogleCodeExporter commented 8 years ago

Original comment by gambit47 on 15 Nov 2014 at 10:55