map<string,SSL_CTX*> g_ctxMap;
SSL_CTX* serverSslCtx = NULL;
static int serverNameCallback(SSL * ssl, int * ad, void * arg)
{
if(ssl == NULL)
return SSL_TLSEXT_ERR_NOACK;
const char * servername = SSL_get_servername(ssl,TLSEXT_NAMETYPE_host_name);
SSL_CTX* ctx = NULL;
if (servername && strlen(servername) > 0)
{
//從g_ctxMap中找到servername對應的SSL_CTX
_OUTPUT(INFO, "%s name = %s\n", __FUNCTION__, servername);
}
else
{
//選一個默認的SSL_CTX
_OUTPUT(INFO, "%s name is NULL\n", __FUNCTION__);
}
SSL_set_SSL_CTX(ssl, ctx);
SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx),
SSL_CTX_get_verify_callback(ctx));
SSL_set_verify_depth(ssl, SSL_CTX_get_verify_depth(ctx));
SSL_set_options(ssl, SSL_CTX_get_options(ctx));
return SSL_TLSEXT_ERR_OK;
}
//初始化一個通用的SSL_CTX,設置好回調函數
//接受客戶端的連接sock,與通用SSL_CTX綁定,後面收到包就會觸發回調,再根據域名綁定對應的SSL_CTX
serverSslCtx = SSL_CTX_new(SSLv23_server_method());
SSL_CTX_set_tlsext_servername_callback(serverSslCtx, serverNameCallback);