thanks for this!
according to CPAN
http://search.cpan.org/~mikem/Net-SSLeay-1.66/lib/Net/SSLeay.pod#Low_level_API:_Server_side_Server_Name_Indication_%28SNI%29_supportthe goal can be reached with code like this:
# create default context my $ctx = Net::SSLeay::CTX_new or die; Net::SSLeay::CTX_set_cipher_list($ctx, 'ALL'); Net::SSLeay::set_cert_and_key($ctx, 'cert.pem','key.pem') or die; # create new context for each new hostname my %hostnames = (); Net::SSLeay::CTX_set_tlsext_servername_callback( $ctx, sub { my $ssl = shift; my $h = Net::SSLeay::get_servername($ssl); unless (exists $hostnames{$h}) { $hostnames{$h}->{ctx} = Net::SSLeay::CTX_new or die; Net::SSLeay::CTX_set_cipher_list($hostnames{$h}->{ctx}, 'A +LL'); $hostnames{$h}->{cert} = ... # generate certificate and $hostnames{$h}->{key} = ... # key based on hostname in $h # and re-use them in future f +rom hash as below Net::SSLeay::set_cert_and_key( $hostnames{$h}->{ctx}, $hostnames{$h}->{cert}, $hostnames{$h}->{key} ) or die; } Net::SSLeay::set_SSL_CTX($ssl, $hostnames{$h}->{ctx}); } );
but every new cert/key pair generation will use some time.
in my case, the script is a multiplexing server based on IO::Select, so it reads and writes with short parts of data to prevent any long/heavy transfer to block the others.
and each time the new pair is generated the script will block for this time.
is there a way to solve this in non-blocking manner?
thanks!
In reply to Re^2: Dynamic SNI certificates while upgrading to SSL
by gr3m1in
in thread Dynamic SNI certificates while upgrading to SSL
by gr3m1in
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |