Kaleb J. Himes wrote:
Hi @ans,
So essentially, and correct me if I'm wrong, you are trying to create your own load balancer? If that is the case, this is a very complex problem! Have you considered using an existing solution such as HAProxy (which has support for wolfSSL)?
Warm Regards,
- K
A simple web server that writes responses and handles requests in plain HTTP. I have my own simple library, and to implement HTTPS support I'm looking for a working and stable library like wolfSSL.
While with a plain request I can read the Host header and then redirect the content generation, HTTPS is different because I can't read the request headers before sending the certificate, and that is as it should be.
Imagine a server with IP "MyIP" that handles requests from "DomainA" and "DomainB", with "CertA" and "CertB".
Now if a client connects to MyIP, which certificate do I need to send? CertA or CertB? To resolve this issue, the only way is to know the SNI value, compare it to DomainA and DomainB, and send the right certificate. After this, redirecting to the right content generation callback is the same as for insecure requests.
I need the SNI value for this reason.
Doesn't resolving the SNI at application level, by buffering raw bytes or customizing the wolfSSL IO, slow down the entire process by parsing the packets two times?
Can you modify the library by adding a "char *sni" somewhere?
By the way, any suggestion to easily get the SNI value without too many hacks is appreciated.
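
The option the post mentions of reading the SNI from buffered raw bytes comes down to one linear pass over the ClientHello, shown in this added example (not part of the original post and not wolfSSL code). The function names, the sample bytes and the `.example` host names standing in for DomainA and DomainB are assumptions for illustration, and it only handles a ClientHello that arrives whole in a single TLS record.

```c
#include <ctype.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: minimal ClientHello whose SNI is "DomainB.example". */
static const uint8_t SAMPLE_HELLO[] = {
    0x16,0x03,0x01,0x00,0x47, 0x01,0x00,0x00,0x43, 0x03,0x03,
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, /* random */
    0x00, 0x00,0x02,0x13,0x01, 0x01,0x00, 0x00,0x18,  /* sid, suites, comp, ext len */
    0x00,0x00,0x00,0x14, 0x00,0x12,0x00,0x00,0x0f,    /* server_name extension */
    'D','o','m','a','i','n','B','.','e','x','a','m','p','l','e' };

static size_t be16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Copy the lower-cased SNI host name from one fully buffered ClientHello
 * record into out. Returns its length, or -1 if absent or malformed. */
int sni_from_client_hello(const uint8_t *b, size_t n, char *out, size_t outsz)
{
    size_t p = 43, end, i;  /* skip record hdr 5, handshake hdr 4, version 2, random 32 */
    if (n < 44 || b[0] != 0x16 || b[5] != 0x01) return -1;
    p += 1 + b[p];                          /* session_id */
    if (p + 2 > n) return -1;
    p += 2 + be16(b + p);                   /* cipher_suites */
    if (p + 1 > n) return -1;
    p += 1 + b[p];                          /* compression_methods */
    if (p + 2 > n) return -1;
    end = p + 2 + be16(b + p);              /* end of the extensions block */
    if (end > n) return -1;
    for (p += 2; p + 4 <= end; ) {
        size_t type = be16(b + p), len = be16(b + p + 2), nl;
        p += 4;
        if (p + len > end) return -1;
        if (type != 0) { p += len; continue; }      /* not server_name */
        if (len < 5 || b[p + 2] != 0) return -1;    /* name_type 0 = host_name */
        nl = be16(b + p + 3);
        if (nl == 0 || 5 + nl > len || nl >= outsz) return -1;
        for (i = 0; i < nl && b[p + 5 + i] != 0; i++)
            out[i] = (char)tolower(b[p + 5 + i]);
        if (i != nl) return -1;                     /* embedded NUL in the name */
        out[nl] = '\0';
        return (int)nl;
    }
    return -1;
}

/* Hypothetical mapping for the two sites in the post; NULL = unknown name. */
const char *cert_for(const char *sni)
{
    return !strcmp(sni, "domaina.example") ? "CertA"
         : !strcmp(sni, "domainb.example") ? "CertB" : NULL;
}
```

Every length field is checked against the bytes actually buffered before it is used, because this input is attacker-controlled and arrives before any authentication.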