How to implement Server Name Indication (SNI)

c ssl sni openssl

How to implement Server Name Indication(SNI) on OpenSSL in C or C++?

Are there any real world examples available?


Solution 1:

On the client side, you use SSL_set_tlsext_host_name(ssl, servername) before initiating the SSL connection.

On the server side, it's a little more complicated:

  • Set up an additional SSL_CTX() for each different certificate;
  • Add a servername callback to each SSL_CTX() using SSL_CTX_set_tlsext_servername_callback();
  • In the callback, retrieve the client-supplied servername with SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name). Figure out the right SSL_CTX to go with that host name, then switch the SSL object to that SSL_CTX with SSL_set_SSL_CTX().

The s_client.c and s_server.c files in the apps/ directory of the OpenSSL source distribution implement this functionality, so they're a good resource to see how it should be done.

Related

Creating a custom layout for preferences
How to use Spring managed Hibernate interceptors in Spring Boot?
How do I convert csv file to rdd
PHP - Redirect and send data via POST
Dealing with an ArrayStoreException
Overriding a Base's Overloaded Function in C++ [duplicate]
How to update the image of a Tkinter Label widget?
Why to use StringBuffer in Java instead of the string concatenation operator
How to clear browser cache with php?
Remove a tag using BeautifulSoup but keep its contents
Installing jQuery?
Unable to cast object of type 'System.DBNull' to type 'System.String`