SSL-enabling virtual hosts
I'm writing an HTTP server application that will proxy several other servers, meaning that when a request comes in, my server will simply shuttle packets back and forth between the client and the real destination. It can do that because the HTTP HOST: header contains the original request, and the URL will tell us where the real host is.
When I want to SSL-enable this system, I run into a problem: The HTTP headers are not available until after the SSL handshake, which can't be done without a valid certificate (which I don't have because only the real target server has it). Classic chicken and egg problem.
This will be fixable in the future with Server Name Indication, a part of RFC 3546 which will allow the original URL request to be put into the ClientHello message, hence allowing my virtual server to determine the final destination without a full handshake.
My question is: has anyone coded up anything related to this? Conceptually, it is straightforward - look at the request and open a socket to the destination server and simply relay the packets. In practice, I'm not really sure where to start. Any ideas?
Sander Smith

