Is it possible to listen on multiple domains?

[isoos]

I'd like to have a server that listens on port 443 for multiple domains, resolves the certificates separately, and routes the requests in a per-domain basis. Is this supported / planned? Any thoughts on how I contribute to this package (what design decisions would you prefer)?

[gmpassos]

Hi,

I was trying to allow multiple domains for the same server socket with shelf and HttpServer. I did that in Java for another project and worked very well, but I can't find a way to make a Dart HttpServer.bindSecure (https://api.dart.dev/stable/2.15.1/dart-io/HttpServer/bindSecure.html) to be able to load the correct certificate for multiple domains.

If you can help to find a way to build the SecureContext (https://api.dart.dev/stable/2.15.1/dart-io/SecurityContext-class.html) in the correct way to work with multiple domains certificates I can release a new version with this feature. This is the current bottleneck/wall.

What I need now is a working example (@ GitHub), using simple shelf or just HttpServer, that is able to resolve the multiple domain certificates issue.

Thanks to collaborate,
Best regards.

[isoos]

Oh, I wasn't aware of the limitation of SecureContext. I haven't looked into it much yet, but it seem that it would be worth to file an issue for it in the sdk. Maybe we'll need a new API that supports SNI (server name indication) via e.g. a callback that creates the SecureContext object instead of providing it at the startup.

[gmpassos]

In Java there's a method that you can implement to select the certificate from the "key store", what opens the opportunity to select the correct one for the current socket domain. Note that in a secure socket it knows the domain for the certificate due the secure handshake, before any client data is sent.

[gmpassos]

This issue dependents on:
dart-lang/sdk#36933