OMG, Gustaf you are amazing, I just saw the last commit with SNI (Server Name Indication). Thank you

On Sat, Jul 4, 2020 at 7:55 PM Gustaf Neumann <neum...@wu.ac.at> wrote:
>
> On 04.07.20 21:08, Maksym Zinchenko wrote:
> > So now I'm facing these issues:
> > 1) Some of the domains are not mine and belong to some clients, they
> > might have their own certificates they bought.
> > 2) Also I don't know how many clients I will have in the future, so
> > every time I add a new domain I need to regenerate multi-domain SAN
> > cert (they are really expensive and I can't afford it)
>
> I see, I am having probably too much the Let's Encrypt world in mind.
>
> > I thought it was more simple like:
> > 1) Load nsssl globally
> > 2) Define "defaultserver" and certificate for this "defaultserver"
> > 3) Define different certificates for each domain in ns_section
> > "ns/server/${server}/module/nsssl"
> You want probably all these virtual servers listening on the same port
> (if not, just load multiple drivers for different ports).
>
> With the single port, there is a chicken-egg problem: the right certificate
> is needed at the time the connection is opened, and the virtual server can
> be only detected while reading the request header.
>
> This is a well known problem, for which the SNI TLS extension was invented
> (a hostname that can be used for identifying the certificate is passed
> during the TLS handshake as well). Currently, NaviServer supports SNI only
> at the client side (in ns_http), but not at the server side. It is not
> overly complicated to implement this, but not trivial either, and will take
> some effort.
>
> So, for the time being, we have no such support in NaviServer.
>
> all the best
> -gn
>
> [1] https://en.wikipedia.org/wiki/Server_Name_Indication
>
> _______________________________________________
> naviserver-devel mailing list
> naviserver-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/naviserver-devel