OMG, Gustaf you are amazing, I just saw last commit with SNI (Server Name
Indication (SNI.
Thank you

On Sat, Jul 4, 2020 at 7:55 PM Gustaf Neumann <neum...@wu.ac.at> wrote:

>
> On 04.07.20 21:08, Maksym Zinchenko wrote:
> > So now im facing this issues:
> > 1) Some of the domains are not mine and belong to some clients, they
> > might have their own certificates they bought.
> > 2) Also I don't know how many clients I will have in the future, so
> > everytime I add a new domain I need to regenerate multi-domain SAN
> > cert (they are really expensive and I can't afford it)
>
> i see, i am having probably too much the letsencrypt world in mind.
>
> > I thought it was more simple like:
> > 1) Load nsssl globally
> > 2) Define "defaultserver" and certificate for this "defaultserver"
> > 3) Define different certificates for each domain in ns_section
> > "ns/server/${server}/module/nsssl
> You want probably all these virtual servers listening on the same port
> (if not, just load multiple drivers for different ports).
>
> With the single port, there is a chicken-egg problem: the right certificate
> is needed at the time the connection is opened, and the virtual server can
> be only detected while reading the request header.
>
> This is a well known problem, for which the SNI TLS extension was invented
> (a hostname that can be used for identifying the certificate is passed
> during the TLS handshake as well). Currently, NaviServer supports SNI only
> at the client side (in ns_http), but not at the server side. It is not
> overly
> complicated to implemented this, but not trivial either, and will take
> some effort.
>
> So, for the time being, we have no such support in NaviServer.
>
> all the best
> -gn
>
> [1] https://en.wikipedia.org/wiki/Server_Name_Indication
>
>
>
> _______________________________________________
> naviserver-devel mailing list
> naviserver-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/naviserver-devel
>
_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel

Reply via email to