SNICallback native #4959

Open
alisson-acioli opened this issue Jul 20, 2022 · 5 comments

Comments

@alisson-acioli

Hello, I would like to indicate a new native functionality for express in your next updates: native SNICallback.

Today we do not have native support for such functionality. I myself, in a current project, needed SNICallback and I only found it in NodeJS native https functions but I didn't find any direct implementation in ExpressJS where I would rather have a raised server.

The solution was to join NodeJS https together with Express to use such a feature, but if the same feature was available natively in Express it would be of great help.

Such functionality is important because it helps us a lot in several things, including leaving a Dynamic SSL (which was for this functionality I needed).

Explanation of functionality in NodeJS can be found at the link: SNICallback in NodeJS

@dougwilson transferred this issue from expressjs/discussions Jul 20, 2022
@BobFrankston

I am trying to use SNICallback, but the app I provide never seems to get invoked. Do you have working examples using SNICallback?

@alisson-acioli
Author

> I am trying to use SNICallback, but the app I provide never seems to get invoked. Do you have working examples using SNICallback?

I use it like this:

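```js
import express from 'express';
import https from 'node:https';

// Assumed port; PORT was not defined in the original snippet.
const PORT = 443;

const app = express();

// Must resolve to a tls.SecureContext, e.g. from tls.createSecureContext().
async function dynamicCertify(domain){
    // do something
}

let options = {
    // Node always passes cb, so the result (or the error) goes through it.
    SNICallback: async function (domain, cb) {
        let context;
        try {
            context = await dynamicCertify(domain);
        } catch (err) {
            // Report lookup failures to Node instead of rejecting unhandled.
            cb(err);
            return;
        }
        cb(null, context);
    }
}

let server = https.createServer(options, app);

app.get('*', (req, res) => {
    res.send('Hello World!');
});

server.listen(PORT, () => {
    console.log(`Server running on port ${PORT}...`);
});
```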

@BobFrankston

Thanks for the reality check

Knowing it is supposed to work helps. I wonder if something broke in Node 19. I'll continue to explore.

My code is essentially the same as yours though I preload the certificates generated using acme.sh. I'm also running on Windows with Node 19. I wonder if that could be a factor. Or firewall rules or any other attempts to be "helpful" in the path. I did try WSL but it may not be pure enough Linux.

@BobFrankston

I've narrowed my issue down. In debug mode, I'm told I have an invalid SNI context. What kind of object does your dynamicCertify return? I've been using { context: {key, cert}} and that may be the culprit.

@BobFrankston

Got it to work using

```js
cb(null, tls.createSecureContext(sc));
```
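Added example, not part of the thread and not Express or Node.js project code: an SNICallback that hands Node a `tls.SecureContext` (the fix reported in the last comment) and checks the client-supplied server name against an allowlist before any certificate lookup. `ALLOWED_HOSTS`, `checkServername`, `makeSNICallback` and `loadPem` are hypothetical names; `loadPem` stands in for `dynamicCertify` and is assumed to resolve to `{ key, cert }` PEM material.

```javascript
const tls = require('node:tls');

// Constructed sample allowlist: the only names this server answers for.
const ALLOWED_HOSTS = new Set(['app.example.test', 'api.example.test']);

// The SNI value is chosen by the client, so normalise it and check it
// before it is used as a file path, cache key or ACME order.
function checkServername(servername, allowed = ALLOWED_HOSTS) {
  const name = String(servername || '').toLowerCase().replace(/\.$/, '');
  return allowed.has(name) ? name : null;
}

// Build an SNICallback around loadPem(name), a hypothetical loader that
// returns (or resolves to) the options for tls.createSecureContext().
function makeSNICallback(loadPem, allowed = ALLOWED_HOSTS) {
  const cache = new Map(); // hostname -> Promise<tls.SecureContext>
  return function SNICallback(servername, cb) {
    const name = checkServername(servername, allowed);
    if (name === null) {
      // Fail the handshake instead of falling back to a default certificate.
      cb(new Error('unrecognized server name'));
      return;
    }
    if (!cache.has(name)) {
      // Node expects a SecureContext here, not a plain { key, cert } object.
      const pending = Promise.resolve()
        .then(() => loadPem(name))
        .then((pem) => tls.createSecureContext(pem));
      pending.catch(() => cache.delete(name)); // do not cache failures
      cache.set(name, pending);
    }
    cache.get(name).then((ctx) => cb(null, ctx), (err) => cb(err));
  };
}

// Usage with the Express app from the thread:
//   https.createServer({ SNICallback: makeSNICallback(loadPem) }, app)
```

The cache holds one context per hostname, so a renewed certificate needs the entry deleted before the new one is served.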
