SNI on TLS connections?
-
I was not able to get SNI (alias Server name identification) working on TLS connections.
This is required if you serve multiple domains with different certificates from one server with a single IPv4 address (the server needs to know which certificate to publish to the client prior to having the TLS connection established).
Actually, from the source I see that there is an undocumented keyword server_hostname in the ussl.wrap_socket function, and I see that the hostname is properly set on line https://github.com/pycom/pycom-micropython-sigfox/blob/6e087642be5416cc937e4b73a4827f8988ed46a3/esp32/mods/modussl.c#L140
However, it is still not working for me. Has anyone else got this working correctly?
The workaround is to distribute the cert required by non-SNI clients as a default one. However, this workaround might not work under some conditions.
-
Sorry, looks like this was my fault. Looks like it is working as intended but I messed something up on the server.
Got to do some more testing though...
@jmarcelino (btw, congrats on your position at Pycom), you might still want to document the parameter server_hostname on the ussl.wrap_socket function.
I just noticed that a cert mismatch does not raise ussl.SSLError but OSError, which is therefore wrong in the docs too.