Hi Alex,

I have added a paragraph on "Confidentiality" in the "Securing applications"
page covering this topic:
http://wiki.restlet.org/docs_1.1/g1/13-restlet/29-restlet/99-restlet/46-restlet.html

At some point, it might make sense to split up this page into several ones.

Best regards,
Jerome


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Alex
Milowski
Sent: Tuesday, July 15, 2008 17:14
To: discuss@restlet.tigris.org
Subject: Re: SSL + Virtual Hosts and Issue #489?

On Sat, Jul 12, 2008 at 5:51 AM, Jerome Louvel <[EMAIL PROTECTED]> wrote:
>
> Hi Alex and Bruno,
>
> My understanding is that Alex wants this:
>  - a single server socket accepting all HTTP requests
>  - several SSL certificates selected depending on the matching virtual host
>
> I think this can't be done because in order to determine the virtual host,
> you need to have read and parsed the HTTP request headers to get the "Host"
> one. You can only do that if you already use the certificate to read the
> incoming SSL stream.
>
> So, it seems that the only solution is to have two listening server sockets
> and then two Restlet server connectors. Bruno's solution would let you share
> the same certificate store by selecting the alias based on the actual socket
> used, but you still need two sockets.
>
> If you want to use HTTPS's default port, that means that you need two
> separate IP addresses, at least virtual IP addresses.
>
> Let me know if I missed something.

That makes sense to me.  I seem to remember having to do this with
Apache once or twice.

This should certainly be documented somewhere as we go forward.  Is there an
"SSL tips" page on the wiki?

--Alex Milowski
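
The alias selection by socket mentioned in the thread above, sketched with the standard JSSE `X509KeyManager` interface. This is an added example, not code from the original messages or from Restlet; the class name `AddressAliasKeyManager` and the address-to-alias map are hypothetical, and it assumes a connector built on blocking `SSLServerSocket`s.

```java
import java.net.InetAddress;
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.X509KeyManager;

// Added example (hypothetical class): one shared keystore, alias chosen per listening address.
public final class AddressAliasKeyManager implements X509KeyManager {
    private final X509KeyManager delegate;          // backed by the shared keystore
    private final Map<InetAddress, String> aliases; // assumed mapping: local address -> stored alias

    public AddressAliasKeyManager(X509KeyManager delegate, Map<InetAddress, String> aliases) {
        this.delegate = delegate;
        this.aliases = new HashMap<>(aliases);
    }

    @Override
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        // Called during the handshake: only the socket is known, no HTTP header has been read.
        if (socket == null) return null;
        String alias = aliases.get(socket.getLocalAddress());
        String[] usable = delegate.getServerAliases(keyType, issuers);
        // Return the mapped alias only if the keystore holds it for this key type;
        // null means no certificate is offered for this address and key type.
        return alias != null && usable != null && Arrays.asList(usable).contains(alias) ? alias : null;
    }

    @Override public String[] getServerAliases(String keyType, Principal[] issuers) {
        return delegate.getServerAliases(keyType, issuers);
    }
    @Override public X509Certificate[] getCertificateChain(String alias) {
        return delegate.getCertificateChain(alias);
    }
    @Override public PrivateKey getPrivateKey(String alias) {
        return delegate.getPrivateKey(alias);
    }
    // Client-side selection is not customised; pass it through.
    @Override public String[] getClientAliases(String keyType, Principal[] issuers) {
        return delegate.getClientAliases(keyType, issuers);
    }
    @Override public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        return delegate.chooseClientAlias(keyTypes, issuers, socket);
    }
}
```

Wrap the `X509KeyManager` obtained from a `KeyManagerFactory` in this class and pass the wrapper to `SSLContext.init` for the context that creates both server sockets.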
