ref: 76ae95b02fdd8570c6a3df53803d27b1ad8728a8
dir: /README/
# Key Functions tlshand.c:/^tlsClientExtensions tlshand.c:/^checkClientExtensions tlshand.c:/^tlsConnectionFree # Data Types tlshand.c:/^typedef struct TlsConnection /sys/include/libsec.h:/^typedef struct TLSconn # Approach The function tlshand.c:/^checkClientExtensions must be extended to decode the server name indication. For this the 'tlshand.c:/^typedef struct TlsConnection' needs to be extended to hold the server name. tlshand.c:/^tlsConnectionFree needs to free any potential `TlsConnection.serverName`. We are going to allow multiple certificates to be specified to tlssrv. Each certificate encode what domain it is for in its subject: % auth/pemdecode 'CERTIFICATE' /sys/lib/tls/acmed/mux.9lab.org.crt | auth/x5092pub key proto=rsa size=2048 ek=10001 n=BEF7549C333817BBE366CD58B2A60D3D2E3C1924ADF9E9B6BDB7FB74B5FF0CF1FF5A4D7A6F7202B7155D854396E925ADEAAF27AF8A118E0360470D6FD01BBF710051B02A53ECBFA8A8BB0FADCD4C7E320296CC6E82DE71B3B9D0378B982DB0359E4C8FD2AF9CB9BC3B6CBC0931E6638F74E716AA7B7AAF9E0873DDA676073B9C4F499EE57D96BAD2C2FB156CC25C289EAAC962CE785C82D2CFD78CC2A493B0965224EAFE94AB0A14441EF0CE4BBC0BF1E4034CAD051131A08120221F56E7000CAAF2244D5B111F7764CF04BE1A4BC866721FC4F8C9BD35F4EB71BFF33982F7BEAB3246794610666896C01D572D674E9A27B2CBD2D2D9311DAD675BAF230B82BF subject=mux.9lab.org Sample code that shows how to extract the domain from the subject can be found in /sys/src/cmd/auth/acmed.c:/^getcert