I was just considering this exact same thing, and it appears the answer 
is no.  You should be able to serve multiple vhosts on different IP 
addresses (or ports) by running nsssl multiple times with different cert 
configs, but that isn't particularly helpful.

I haven't explored this completely, but to add SNI support to nsssl I 
think the cleanest approach config-wise would be to add a "servers" and 
"certs" section underneath nsssl to map hostnames to certificates as 
well as servers, à la nssock.

For example:
ns_section ns/module/nsssl/servers
ns_param server1 www.example.com
ns_param server2 www.example2.com

ns_section ns/module/nsssl/certs
ns_param www.example.com /usr/local/ssl/certs/server1.pem
ns_param www.example2.com /usr/local/ssl/certs/server2.pem

Dynamic vhosts could perhaps be supported by defining the cert file for 
a given domain to be a standard name under a "certs" subdirectory in the 
vhost tree (i.e., servers/${servername}/host.com/certs/host.com.pem). 
I would address the explicit configuration above first, however.

This SO post points at the implementation strategy: 
http://stackoverflow.com/questions/5113333/how-to-implement-server-name-indication-sni

Implementing this is not on my immediate to-do list (we're using ELB for 
termination) but it may become a concern sometime soon.

-J


David Osborne wrote:
> Hi there,
>
> Is there any way to replicate the behaviour of SNI aware https servers
> using naviserver nsssl?
> Namely, where different certificates can be presented on the same ssl
> port depending on the servername sent by the TLS client
>
> https://www.domain.com -> nsssl.server.com:443
>        <- www.domain.com cert
>
> https://sub.domain.com -> nsssl.server.com:443
>        <- sub.domain.com cert
>
> (I don't think SNI is supported by nsssl - please correct me if I'm wrong)
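
The hostname-to-certificate lookup that the explicit "certs" mapping proposed above implies, as an added example in C (not nsssl code and not written by either poster). The table contents are constructed from the example config, and `normalize_host` and `cert_for_sni` are hypothetical names; with OpenSSL the client's name would come from `SSL_get_servername()` inside a callback registered via `SSL_CTX_set_tlsext_servername_callback()`.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Constructed table mirroring the proposed ns/module/nsssl/certs section. */
struct cert_map { const char *host; const char *pem; };
static const struct cert_map certs[] = {
    { "www.example.com",  "/usr/local/ssl/certs/server1.pem" },
    { "www.example2.com", "/usr/local/ssl/certs/server2.pem" },
};

/* The SNI name is client-supplied. Lowercase it into out, drop one trailing
 * dot, and accept only letters, digits, '-' and single '.' separators.
 * Returns 0 on success, -1 if the name is unusable. */
static int normalize_host(const char *sni, char *out, size_t outlen)
{
    size_t n, i;
    if (sni == NULL) return -1;
    n = strlen(sni);
    if (n > 0 && sni[n - 1] == '.') n--;          /* "host.com." == "host.com" */
    if (n == 0 || n > 253 || n >= outlen) return -1;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)sni[i];
        if (c == '.') {
            /* reject leading, trailing and doubled dots (empty labels) */
            if (i == 0 || i == n - 1 || sni[i - 1] == '.') return -1;
        } else if (!isalnum(c) && c != '-') {
            return -1;                            /* rejects '/', '\\', etc. */
        }
        out[i] = (char)tolower(c);
    }
    out[n] = '\0';
    return 0;
}

/* Returns the PEM path configured for the SNI name, or NULL so the caller
 * keeps the listener's default certificate (no SNI, bad name, unknown host). */
const char *cert_for_sni(const char *sni)
{
    char host[254];
    size_t i;
    if (normalize_host(sni, host, sizeof host) != 0) return NULL;
    for (i = 0; i < sizeof certs / sizeof certs[0]; i++)
        if (strcmp(host, certs[i].host) == 0) return certs[i].pem;
    return NULL;
}
```

Rejecting malformed names before any lookup matters most for the dynamic-vhost idea, where the name would otherwise become part of a file path.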


