|SNI-SHUNT(1)||General Commands Manual||SNI-SHUNT(1)|
dispatch TLS requests according to ServerName
The sni-shunt utility expects an open TCP
socket on standard input, and reads the beginning of the stream without
altering it. It then scans for the ServerName TLS extension, exports
environment variables if it is found, and always executes into the rest of the
arguments, cmd arg.
ENV as /path/%/file.pem, with % replaced by the ServerName found.
The LOG environment variable controls the
logging verbosity from 4 (debug) to 1 (fatal errors).
In addition to the environment variables defined by
sni-shunt sets the
SERVER_sni-shunt variable if an SNI extension was
The sni-shunt utility exits 0 on
success, and >0 if an error occurs.
$ s6-tcpserver 127.0.0.1 443 sni-shunt s6-tlsd env ROOT=/srv/www httpfile-httpd
sni-shunt is heavily inspired by
Josuah Demangeon <email@example.com>
The TLS handling does make use of a complete TLS library, so updates to the TLS Client Hello message also require an update to this program.
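The ServerName scan and the /path/%/file.pem substitution described above, as an added example that is not sni-shunt's own code: a bounds-checked Client Hello parser that returns the host_name, then fills the template only if the name is a plain DNS hostname. The function names and the hostname validation rule are assumptions made for this sketch; the sample Client Hello is constructed.

```python
import re
import struct

# Assumed validation rule: plain DNS labels only, so "/", "..", NUL and empty labels fail.
LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME_RE = re.compile(r"%s(\.%s)*" % (LABEL, LABEL))

def parse_sni(buf):
    """Return the host_name from the TLS ClientHello at the start of buf, or None."""
    try:
        if buf[0] != 0x16 or buf[5] != 0x01:          # handshake record, ClientHello
            return None
        body = buf[5:5 + struct.unpack("!H", buf[3:5])[0]]
        p = 4 + 2 + 32                                # handshake header, version, random
        p += 1 + body[p]                              # session_id
        p += 2 + struct.unpack("!H", body[p:p + 2])[0]  # cipher_suites
        p += 1 + body[p]                              # compression_methods
        end = p + 2 + struct.unpack("!H", body[p:p + 2])[0]
        p += 2
        while p + 4 <= end <= len(body):              # a truncated hello yields None
            ext_type, ext_len = struct.unpack("!HH", body[p:p + 4])
            p += 4
            if ext_type == 0:                         # server_name extension
                name_type, name_len = struct.unpack("!BH", body[p + 2:p + 5])
                name = body[p + 5:p + 5 + name_len]
                if name_type != 0 or len(name) != name_len or 5 + name_len > ext_len:
                    return None
                return name.decode("ascii")
            p += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                                          # short or malformed input
    return None

def cert_path(template, buf):
    """Fill % in template with the validated ServerName, or return None."""
    name = (parse_sni(buf) or "").lower().rstrip(".")
    if len(name) > 253 or not HOSTNAME_RE.fullmatch(name):
        return None
    return template.replace("%", name)

def sample_client_hello(host):
    """Build a minimal constructed ClientHello carrying host (bytes) as SNI."""
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    exts = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

In a real dispatcher the buffer would come from a non-consuming read such as recv() with MSG_PEEK, so the program executed next still sees the whole Client Hello.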
|May 31, 2020||OpenBSD 6.9|