The following enables SNI support within httpd.
It requires libtls to have server-side support for SNI (diff previously
posted).
Index: server.c
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/server.c,v
retrieving revision 1.85
diff -u -p -r1.85 server.c
--- server.c 28 Apr 2016 17:18:06 -0000 1.85
+++ server.c 13 Aug 2016 17:18:51 -0000
@@ -159,6 +159,8 @@ server_tls_load_keypair(struct server *s
int
server_tls_init(struct server *srv)
{
+ struct server_config *srv_conf;
+
if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0)
return (0);
@@ -207,6 +209,19 @@ server_tls_init(struct server *srv)
return (-1);
}
+ TAILQ_FOREACH(srv_conf, &srv->srv_hosts, entry) {
+ if (srv_conf->tls_cert == NULL || srv_conf->tls_key == NULL)
+ continue;
+ log_debug("%s: adding keypair for server %s", __func__,
+ srv->srv_conf.name);
+ if (tls_config_add_keypair_mem(srv->srv_tls_config,
+ srv_conf->tls_cert, srv_conf->tls_cert_len,
+ srv_conf->tls_key, srv_conf->tls_key_len) != 0) {
+ log_warnx("%s: failed to add tls keypair", __func__);
+ return (-1);
+ }
+ }
+
if (tls_configure(srv->srv_tls_ctx, srv->srv_tls_config) != 0) {
log_warnx("%s: failed to configure TLS - %s", __func__,
tls_error(srv->srv_tls_ctx));
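Review bot: The log_debug inside the new TAILQ_FOREACH loop prints `srv->srv_conf.name` on every iteration, so each added keypair is attributed to the parent server rather than to the host entry it belongs to; the per-host name is the useful one here, `srv_conf->name);`. The failure branch would benefit from the same name so an operator can tell which host's certificate or key was rejected, e.g. `log_warnx("%s: failed to add tls keypair for server %s", __func__, srv_conf->name);`. Whether srv_hosts also contains the server's own entry, in which case the keypair loaded above the hunk would be added a second time, cannot be determined from this diff and is worth confirming, as is where the hosts' tls_cert/tls_key buffers get populated since that is not part of the visible change. server_tls_init's body starts and ends outside the hunk.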
@@ -261,6 +276,9 @@ server_launch(void)
struct server *srv;
TAILQ_FOREACH(srv, env->sc_servers, srv_entry) {
+ log_debug("%s: configuring server %s", __func__,
+ srv->srv_conf.name);
+
server_tls_init(srv);
server_http_init(srv);