Advertisement
Guest User

Untitled

a guest
Oct 9th, 2024
49
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.07 KB | None | 0 0
  1. I've been busy figuring out why I can't use multiple ssl certificates on hunchentoot (the so called "virtual hosts" functionality so that it uses different certificates for different domain names) and in a book I came across this explanation, that SNI (Server Name Identification) must be implemented:
  2. Server name identification
  3. Many servers host multiple domains. Certificates are tied to domains; therefore, TLS must provide a method for the client to specify which domain it's connecting to. You may recall that the HTTP Host header servers this purpose. The problem is that the TLS connection should be established before the HTTP data is sent. Therefore, the server must decide which certificate to transmit before the HTTP Host header is received. This is accomplished using Server Name Indication (SNI). SNI is a technique that, when used by TLS, requires the client to indicate to the server which domain it is attempting to connect to. The server can then find a matching certificate to use for the TLS connection. SNI is relatively new, and older browsers and servers do not support it. Before SNI was popular, servers had two choices—they could either host only one domain per IP address, or they could send certificates for all hosted domains for each connection.
  4. Common Lisp
  5. https://git.minimally.online/specter/geml/src/branch/serviceable/src/server.lisp#L91
  6. ;; TODO Use SNI for virtual domain hosting
  7. ;; I am not capable enough at Common Lisp or OpenSSL to figure that out yet.
  8. ;; * Secion 4: https://gemini.circumlunar.space/docs/specification.gmi
  9. ;; * https://github.com/cl-plus-ssl/cl-plus-ssl#usage
  10. ;; * https://stackoverflow.com/questions/5113333/how-to-implement-server-name-indication-sni
  11. ;; * https://en.wikipedia.org/wiki/Server_Name_Indication
  12. https://stackoverflow.com/questions/22373332/serving-multiple-domains-in-one-box-with-sni
  13.  
  14. I wanted to avoid having to install nginx or apache on top of hunchentoot... But I don't have the time and experience/I am not in the mood, to implement SNI either.
  15.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement