
SNICallback native

Open alisson-acioli opened this issue 1 year ago • 5 comments

Hello, I would like to indicate a new native functionality for express in your next updates: native SNICallback.

Today we do not have native support for such functionality. I myself, in a current project, needed SNICallback and I only found it in NodeJS native https functions but I didn't find any direct implementation in ExpressJS where I would rather have a raised server.

The solution was to join NodeJS https together with Express to use such a feature, but if the same feature was available natively in Express it would be of great help.

Such functionality is important because it helps us a lot in several things, including leaving a Dynamic SSL (which was for this functionality I needed).

Explanation of functionality in NodeJS can be found at the link: SNICallback in NodeJS

alisson-acioli, Jul 20 '22 13:07

I am trying to use SNICallback, but the app I provide never seems to get invoked. Do you have working examples using SNICallback?

BobFrankston, Feb 14 '23 18:02

> I am trying to use SNICallback, but the app I provide never seems to get invoked. Do you have working examples using SNICallback?

I use it like this:

import express from 'express';
import https from 'node:https';

const app = express();
const PORT = process.env.PORT || 443;

async function dynamicCertify(domain){
    // do something
}

let options = {
    // Node calls SNICallback(servername, cb) during the TLS handshake.
    SNICallback: async function (domain, cb) {
        let ctx;
        try {
            ctx = await dynamicCertify(domain);
        } catch (err) {
            // Report the failure; otherwise the handshake never completes.
            return cb(err);
        }
        cb(null, ctx);
    }
}

let server = https.createServer(options, app);

app.get('*', (req, res) => {
    res.send('Hello World!');
});

server.listen(PORT, () => {
    console.log(`Server running on port ${PORT}...`);
});

alisson-acioli, Feb 14 '23 20:02

Thanks for the reality check

Knowing it is supposed to work helps. I wonder if something broke in Node 19. I'll continue to explore.

My code is essentially the same as yours though I preload the certificates generated using acme.sh. I'm also running on Windows with Node 19. I wonder if that could be a factor. Or firewall rules or any other attempts to be "helpful" in the path. I did try WSL but it may not be pure enough Linux.

BobFrankston, Feb 14 '23 21:02

I've narrowed my issue down. In debug mode, I'm told I have an invalid SNI context. What kind of object does your dynamicCertify return? I've been using { context: {key, cert}} and that may be the culprit.

BobFrankston, Feb 15 '23 03:02

Got it to work using

 cb(null,  tls.createSecureContext(sc));

BobFrankston, Feb 15 '23 18:02
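
The fix the thread arrives at (wrap the key and certificate with tls.createSecureContext before calling cb), written out as an added example; it is not code from the thread or from Express. makeSNICallback, loadCredentials, the hostname pattern and the cache size are assumptions for illustration, and the example goes beyond the thread by validating the client-supplied server name and sharing one cached context per host.

```javascript
const tls = require('node:tls');

// Assumed policy: the server name is client-supplied, so accept only plain
// DNS names (at least two labels) before using it as a lookup key.
const LABEL = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
const HOSTNAME_RE = new RegExp(`^(?=.{1,253}$)${LABEL}(?:\\.${LABEL})+$`);

// loadCredentials(name) is a hypothetical helper returning { key, cert }
// (PEM) or null; it may be synchronous or return a promise.
function makeSNICallback(loadCredentials, maxEntries = 1000) {
  const cache = new Map(); // hostname -> Promise<tls.SecureContext>

  return function SNICallback(servername, cb) {
    const name = String(servername || '').toLowerCase();
    if (!HOSTNAME_RE.test(name)) {
      return cb(new Error('SNI: rejected server name'));
    }
    let entry = cache.get(name);
    if (!entry) {
      entry = Promise.resolve()
        .then(() => loadCredentials(name))
        .then((creds) => {
          if (!creds) throw new Error(`SNI: no certificate for ${name}`);
          // cb() needs a tls.SecureContext; a bare { key, cert } or
          // { context: { key, cert } } object is not one.
          return tls.createSecureContext(creds);
        });
      // Drop failed lookups so a later handshake can retry.
      const failed = entry;
      entry.catch(() => { if (cache.get(name) === failed) cache.delete(name); });
      // Bound the cache: evict the oldest entry (Map keeps insertion order).
      if (cache.size >= maxEntries) cache.delete(cache.keys().next().value);
      cache.set(name, entry);
    }
    // Concurrent handshakes for one host share the same pending load.
    entry.then((ctx) => cb(null, ctx), (err) => cb(err));
  };
}

// Wiring (load is your own lookup function):
// https.createServer({ SNICallback: makeSNICallback(load) }, app)
```

Cached contexts never expire here; clear or rebuild an entry when its certificate is renewed.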