Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the IO-Socket-SSL CPAN distribution.

Report information
The Basics

Nobody in particular
karel.miko [...]

(no value)
Broken in:
(no value)
Fixed in:
(no value)

Subject: Server side SNI support
Date: Wed, 16 Jan 2013 19:51:47 +0100
From: Karel Miko <>
Hi, Net::SSLeay has server side SNI support since 1.50 Please find enclosed proposal for adding server side SNI also to IO::Socket::SSL. It is implemented via a new option: SSL_server_SNI => { '' => ['h1.crt', 'h1.key'], '' => ['h2.crt', 'h2.key'] } or SSL_server_SNI => sub { my $host = shift; ...; return ($certfile, $keyfile) }, If you find my proposal handy I can write a piece of documentation for this new feature. Regards -- Karel

Message body is not shown because sender requested not to inline it.

Show quoted text
> > Please find enclosed proposal for adding server side SNI also to > IO::Socket::SSL.
Hi Karel, thanks for the patch. Although I implemented it in a different way, I was inspired by your patch and motivated, that someone needs this feature. The main difference to your patch is, that I did not add a new option, but instead let SSL_key* and SSL_cert* use a hash reference to provide the mapping between hostname and key/cert. The creation of the context per host is then done at configure time, and not when a client connects. I liked this approach more, because you get any problems with the keys or cert reported earlier. Also, not only cert and key files are supported, but also cert and key values (e.g. X509* and PKEY* objects). The drawback of this approach is, that I don't offer a callback function, which determines cert and key when the client connects. This might be added in the future, but currently I don't see much value in it. Thanks again, Steffen

This service runs on Request Tracker, is sponsored by The Perl Foundation, and maintained by Best Practical Solutions.

Please report any issues with to