Thank you Kaleb for your time and for your support. I'll work on it soon!
Best regards
You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by ans
Pages 1
Thank you Kaleb for your time and for your support. I'll work on it soon!
Best regards
Really thank you for your support Kaleb.
I've one only question.
I buffer N bytes, I extract the SNI, and than how I can repass the N buffered bytes to wolfSSL for reparsing?
Hi @ans,
So essentially, and correct me if I'm wrong, you are trying to create your own load balancer? If that is the case this is a very complex problem! Have you considered using an existing solution such as HaProxy (which has support for wolfSSL)?
Warm Regards,
- K
A simple web server that writes responses and handles requests in plain http. I've my own simple library and to implement the https support I'm looking for a working and stable library like wolfSSL.
While with a plain request I can read the Host header and than redirect the content generation, the https is different because I can't read the request headers before send the certificate, and that is as it should be.
Imagine a server with IP "MyIP" that handles requests from "DomainA" and "DomainB", with "CertA" and "CertB".
Now if a client connects to MyIP which certificate I need to send? CertA or CertB? To resolve this issue the only way is to know the SNI value, compare it to DomainA and DomainB, and send the right certificate. After this, redirecting to the right content generation callback is equal to the insecure requests.
I need the SNI value for this reason.
Resolving the SNI at application level by buffering raw bytes or customizing the wolfSSL IO, doesn't slow down the entire process parsing the packets two times?
Can you modify the library adding a "char *sni" somewhere?
By the way, every suggestions to easily get the SNI value without too many hacks is appreciate.
Hi Kaleb,
thank you for your answer.
I'm working on a custom web service and I need to manage multiple virtual host on the same IP. So, when a connection begins I need to get the SNI to set the right certificate in the ctx. Is there a way to achieve this without enter so deeply in the wolfSSL's core? I need the hostname only...
Hi guys,
thank you for the great work you've done in WolfSSL.
I understand that I can extract the SNI from ClientHello bytes using:
int wolfSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, byte type, byte* sni, word32* inOutSz);
Ok. But, where can I find the clienHello's bytes?
1) Is there a pointer in some structure?
2) Maybe I need to buffer the raw bytes before starting wolfSSL, call the function to extract the SNI, and than inject the raw buffered bytes to wolfSSL again in some way in order to restart the connection flow?
Thanks!
Pages 1
wolfSSL - Embedded SSL Library → Posts by ans
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.014 seconds (96% PHP - 4% DB) with 5 queries