axum-server
Async SNI callback
I would like to load TLS certificates to be used for the request based on the hostname.
A method of doing this is specifying something that implements the ResolvesServerCert trait in the cert_resolver attribute of the rustls ServerConfig. This is nice and easy to do but requires the resolve method to be synchronous.
As discussed in this issue, the correct method of asynchronously resolving certificates based on the hostname would be to use the rustls Acceptor to handle the connection before the configuration is finalized. One would then be able to asynchronously load the certificates, build the config, and generate a ServerConnection with it.
I see that axum-server has the ability to provide a custom Acceptor for a server and has an example of it.
I am, however, unable to get this to asynchronously resolve certificates for the connection. I don't know if this is because I just can't figure out how to do it correctly or if axum-server does not currently support this functionality.
Is this possible in axum-server? If not, I am more than happy to create a PR to do this; I will need some hints on what needs to be done though.
This is a rustls limitation rather than an axum-server limitation.
Could I submit a PR to rustls to make this work? Do you know what I would have to change?
Would using OpenSSL work for this use case?
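Added example, not part of the thread and not code from axum-server or rustls: picking a certificate per hostname, as the opening post describes, depends on reading the server name from the ClientHello before any ServerConfig is built. This std-only Rust parser extracts that name with bounds checks and rejects malformed names; `Cur`, `sni_from_client_hello` and `sample_client_hello` are hypothetical names, and the sample ClientHello is constructed.

```rust
// Added example (not axum-server or rustls code): bounds-checked SNI extraction.
struct Cur<'a>(&'a [u8]);
impl<'a> Cur<'a> {
    // Take n bytes or fail; never reads past the end of untrusted input.
    fn take(&mut self, n: usize) -> Option<&'a [u8]> {
        if self.0.len() < n { return None; }
        let (head, rest) = self.0.split_at(n);
        self.0 = rest;
        Some(head)
    }
    // Read a vector with a w-byte big-endian length prefix; return a cursor over it.
    fn vec(&mut self, w: usize) -> Option<Cur<'a>> {
        let n = self.take(w)?.iter().fold(0usize, |a, &b| (a << 8) | b as usize);
        Some(Cur(self.take(n)?))
    }
}
/// Host name from the server_name extension of a ClientHello record, if well formed.
pub fn sni_from_client_hello(record: &[u8]) -> Option<String> {
    let mut rec = Cur(record);
    if rec.take(3)?[0] != 0x16 { return None; }    // record type (handshake) + version
    let mut hs = rec.vec(2)?;
    if hs.take(1)?[0] != 0x01 { return None; }     // handshake type: ClientHello
    let mut body = hs.vec(3)?;
    body.take(34)?;                                // legacy_version + random
    body.vec(1)?;                                  // session_id
    body.vec(2)?;                                  // cipher_suites
    body.vec(1)?;                                  // compression_methods
    let mut exts = body.vec(2)?;
    while !exts.0.is_empty() {
        let (ty, mut data) = (exts.take(2)?, exts.vec(2)?);
        if ty != [0u8, 0] { continue; }            // extension type 0 = server_name
        let mut names = data.vec(2)?;
        if names.take(1)?[0] != 0 { return None; } // name_type 0 = host_name
        let host = std::str::from_utf8(names.vec(2)?.0).ok()?.to_ascii_lowercase();
        let ok = |b: u8| b.is_ascii_alphanumeric() || b == b'-' || b == b'.';
        return (!host.is_empty() && host.bytes().all(ok)).then_some(host);
    }
    None
}
// Constructed sample input: a minimal ClientHello record with one server_name entry.
pub fn sample_client_hello(host: &str) -> Vec<u8> {
    let wrap = |w: usize, b: Vec<u8>| [&(b.len() as u64).to_be_bytes()[8 - w..], &b[..]].concat();
    let sni = [vec![0, 0], wrap(2, wrap(2, [vec![0], wrap(2, host.into())].concat()))].concat();
    let body = [vec![3, 3], vec![0; 32], vec![0], wrap(2, vec![0x13, 1]), wrap(1, vec![0]), wrap(2, sni)].concat();
    [vec![0x16, 3, 1], wrap(2, [vec![1], wrap(3, body)].concat())].concat()
}
fn main() {
    println!("{:?}", sni_from_client_hello(&sample_client_hello("App.Example.test")));
}
```

The returned name is lower-cased and restricted to letters, digits, `-` and `.`, so it can be used as a lookup key for certificate storage without carrying path or control characters from the client.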