Created attachment 471569
Patch for trunk - v1

Attached is a patch for selfserv on the trunk. It makes selfserv choose from among multiple server certificates by looking up the client's SNI name in the host names in the cert(s), and picking the first cert that it finds with a matching host name. It uses the same host name matching function as our clients use.

With this patch, it is no longer necessary to use a DNS name for a cert's nickname, because the nickname is not used for matching with SNI strings. It is also no longer necessary to provide multiple DNS names on the command line. selfserv will use all the host names found in the cert(s).

This patch makes the -a and -n options synonymous. Either one or both may be used to specify a nickname for a cert, and up to 10 nicknames may be given. The first nickname given becomes the "default" cert, the one used if no SNI option is present in the client hello.

I have been running this patch at home continuously for 9 weeks. I use selfserv with certs from my own CA to respond to requests sent to https ad servers that are redirected to 127.1 via my hosts file.

This patch also makes one other change, which makes the patch MUCH larger than it otherwise needs to be. It removes the name "selfserv" from all the error messages, and instead displays the name given on the command line to invoke the program. This adds a lot of lines to the patch, but they are trivial to review.
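The selection rule described in the comment above, as an added example that is not code from the patch or from selfserv. The `server_cert` struct, the function names, the sample certificates and the simplified wildcard rule are assumptions made for illustration; the real patch uses the library's own host name matching function.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for a loaded cert: nickname plus its DNS names. */
struct server_cert {
    const char *nickname;
    const char *dns_names[4];   /* NULL-terminated */
};

static int eq_nocase(const char *a, const char *b)
{
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) {
        a++; b++;
    }
    return *a == '\0' && *b == '\0';
}

/* Simplified matching rule (assumption): "*.rest" matches exactly one
 * non-empty leftmost label; anything else must match exactly. */
static int host_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        return dot != NULL && dot != host && eq_nocase(pattern + 1, dot);
    }
    return eq_nocase(pattern, host);
}

/* Index of the cert to use: 0 (first nickname, the default) when no SNI
 * was sent; otherwise the first cert with a matching name, or -1 if none
 * match (the comment above does not say what happens in that case). */
int select_cert(const struct server_cert *certs, size_t ncerts, const char *sni)
{
    if (ncerts == 0)
        return -1;
    if (sni == NULL)
        return 0;
    for (size_t i = 0; i < ncerts; i++)
        for (size_t j = 0; j < 4 && certs[i].dns_names[j] != NULL; j++)
            if (host_matches(certs[i].dns_names[j], sni))
                return (int)i;
    return -1;
}

/* Constructed sample certificates, not taken from the bug. */
static const struct server_cert sample_certs[] = {
    { "default-cert", { "localhost", NULL } },
    { "ads-cert",     { "ads.example.com", "*.ads.example.net", NULL } },
    { "wild-cert",    { "*.example.com", NULL } },
};
```

Because the first match wins, the order in which nicknames are given decides which cert is served when an exact name and a wildcard both cover the same host.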
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 570370
Comment on attachment 471569
Patch for trunk - v1

I'd mark this copy of the patch obsolete, if I could figure out how! :-/