Please sign in to comment.
Add SNI support
If multiple certificates are specified, try to perform Server Name Indication to serve the most appropriate one. We fall back to the last certificate presented if none of the previous ones match, making it a useful place to put a star cert. A few caveats: - Certificate names are compared as case-insensitive strings, without any special logic for dealing with wildcards. The current workaround is to always place wildcard certificates last, where they act as the default catch-all. - Certificates are examined in order. The first certificate that matches any given request will be used. - The name -> certificate mapping is stored in a singly linked list. This performs very well for use with a handful of certificates, none of which have very many Subject Alternative Names, however sites which must serve a large number of certificates or names might find a linear list scan on every new connection too slow.
- Loading branch information...
Showing with 230 additions and 62 deletions.
Oops, something went wrong.