
With native_tls I see:

```rust
let ssl = ssl().expect("Failed to load SSL keys");
let builder: native_tls::TlsAcceptorBuilder =
    native_tls::backend::openssl::TlsAcceptorBuilderExt::from_openssl(ssl);
let tls_acceptor = builder.build().expect("Failed to build TLS acceptor");
```

Which I think has:

https://en.wikipedia.org/wiki/Server_Name_Indication

and:

https://docs.rs/native-tls/0.2.3/native_tls/struct.TlsConnectorBuilder.html#method.use_sni

use_sni is true by default.

But I'm still looking for the correct way to load up N certs for N different domains and run them all from the same server on the same 443 port.

Is there a way to call `TlsAcceptorBuilderExt::from_openssl(ssl)` over and over with N certs?

Edit1: found this which explains a lot.

Andrew Arrow

1 Answer


Perfect example here: https://github.com/nikelmwann/garbageproxy/blob/578e92d56fc410a58f0b93195aef52a47cfbe3fb/src/tls.rs#L55. This loops through N servers and adds each cert and key.

Andrew Arrow
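The answer above describes looping over N servers and adding each cert and key. As an added example (not code from the post or the linked repository), this standard-library-only model shows the SNI-name-to-certificate lookup such a loop populates, including case folding, single-label wildcards and the no-SNI case. `CertEntry`, `SniResolver` and the sample names and paths are hypothetical; a real server would store the certificate chains and keys loaded by its TLS library instead of paths.

```rust
use std::collections::HashMap;

// Stand-in for a loaded certificate chain and key (paths are constructed).
#[derive(Debug, Clone, PartialEq)]
pub struct CertEntry { pub cert_path: String, pub key_path: String }

pub struct SniResolver {
    by_name: HashMap<String, CertEntry>,
    default: Option<CertEntry>, // None = refuse handshakes for unknown names
}

// DNS names are case-insensitive, and a trailing dot denotes the same host.
fn normalize(name: &str) -> String {
    name.trim_end_matches('.').to_ascii_lowercase()
}

impl SniResolver {
    // Loop over N (domain, cert, key) triples and register each one.
    pub fn from_servers(servers: &[(&str, &str, &str)], default: Option<CertEntry>) -> Self {
        let mut by_name = HashMap::new();
        for (domain, cert, key) in servers {
            let entry = CertEntry { cert_path: cert.to_string(), key_path: key.to_string() };
            by_name.insert(normalize(domain), entry);
        }
        SniResolver { by_name, default }
    }

    // `sni` is the server_name from the ClientHello; None means the client sent none.
    pub fn resolve(&self, sni: Option<&str>) -> Option<&CertEntry> {
        let name = match sni {
            Some(raw) => normalize(raw),
            None => return self.default.as_ref(),
        };
        // A wildcard covers one leftmost label: *.b.example matches x.b.example only.
        let wildcard = name.split_once('.').map(|(_, parent)| format!("*.{}", parent));
        self.by_name.get(&name) // exact match wins over a wildcard
            .or_else(|| wildcard.as_ref().and_then(|w| self.by_name.get(w)))
            .or(self.default.as_ref())
    }
}

fn main() {
    // Constructed sample: two sites behind one listener on port 443.
    let servers = [("a.example", "a.crt", "a.key"), ("*.b.example", "b.crt", "b.key")];
    let resolver = SniResolver::from_servers(&servers, None);
    for name in [Some("A.example."), Some("x.b.example"), Some("c.example"), None] {
        println!("{:?} -> {:?}", name, resolver.resolve(name));
    }
}
```

With `default` set to `None`, a name that matches nothing yields no certificate, so the caller can abort the handshake rather than present another site's certificate.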