This repository has been archived by the owner on May 24, 2022. It is now read-only.

Better PROXY support and SNI #113

Merged
merged 3 commits into from Aug 10, 2012

Commits on Jul 20, 2012

  1. Code cleanup

    The code had mixed tabs/spaces and trailing whitespace. I standardized
    on 4-space indentation for stud.c and deleted all trailing whitespace. I
    also cleaned up whitespace in shctx.c (but did not standardize spacing
    there).
    carl-stripe committed Jul 20, 2012
    f99e976
  2. Proxy-PROXY support

    A mode that enables transparently passing the PROXY header generated by
    HAProxy et al. through to the backend connection. This can be useful
    if you are using a TCP load balancer (such as HAProxy in tcp mode) to
    distribute encrypted streams to stud before they are unwrapped.
    carl-stripe committed Jul 20, 2012
    d78fd49
  3. Add SNI support

    If multiple certificates are specified, try to perform Server Name
    Indication to serve the most appropriate one. We fall back to the last
    certificate presented if none of the previous ones match, making it a
    useful place to put a star cert.
    
    A few caveats:
    - Certificate names are compared as case-insensitive strings, without
      any special logic for dealing with wildcards. The current workaround
      is to always place wildcard certificates last, where they act as the
      default catch-all.
    - Certificates are examined in order. The first certificate that matches
      any given request will be used.
    - The name -> certificate mapping is stored in a singly linked list.
      This performs very well for use with a handful of certificates, none
      of which have very many Subject Alternative Names, however sites which
      must serve a large number of certificates or names might find a linear
      list scan on every new connection too slow.
    carl-stripe committed Jul 20, 2012
    b09da7e
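
The selection rules listed in the SNI commit message above, written out as an added example; this is not stud's code or the commit author's. The struct names, `select_cert`, `served_for` and the host names are hypothetical, and the use of `strcasecmp` for the case-insensitive comparison is an assumption.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical types for illustration; not stud's own structures. */
struct cert { const char *label; };
struct name_entry {
    const char *name;           /* a subject CN or Subject Alternative Name */
    struct cert *cert;
    struct name_entry *next;    /* singly linked, in configuration order */
};

/* First case-insensitive exact match in list order wins; otherwise the
 * default, which is the last certificate configured. No wildcard logic. */
static struct cert *select_cert(const struct name_entry *head,
                                struct cert *default_cert,
                                const char *servername)
{
    if (servername != NULL)     /* a client may send no SNI extension */
        for (const struct name_entry *e = head; e != NULL; e = e->next)
            if (strcasecmp(e->name, servername) == 0)
                return e->cert;
    return default_cert;
}

/* Constructed sample configuration: api cert, shop cert, star cert last.
 * "static.example.com" appears on both the api and shop certificates. */
static struct cert api = { "api" }, shop = { "shop" }, star = { "star" };
static struct name_entry n5 = { "*.example.com",      &star, NULL };
static struct name_entry n4 = { "static.example.com", &shop, &n5 };
static struct name_entry n3 = { "shop.example.com",   &shop, &n4 };
static struct name_entry n2 = { "static.example.com", &api,  &n3 };
static struct name_entry n1 = { "api.example.com",    &api,  &n2 };

static const char *served_for(const char *sni)
{
    return select_cert(&n1, &star, sni)->label;
}

int main(void)
{
    const char *names[] = { "API.Example.COM", "static.example.com",
                            "www.example.com", "unrelated.test", NULL };
    /* "www" reaches the star cert only through the fallback, never by a
     * string match on "*.example.com"; "unrelated.test" and a missing SNI
     * get the same star cert even though it does not cover them. */
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%s -> %s\n", names[i] ? names[i] : "(no SNI)",
               served_for(names[i]));
    return 0;
}
```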