I had this code:
from twisted.web.server import Site
from twisted.web.static import Data
from twisted.internet import reactor, ssl
root = Data(\"\", \"text/plai
TLS supports multiple hostnames for HTTP in one of two ways: either by using a single certificate that contains all of those hostnames (for example, as subjectAltName extensions), or by using multiple certificates (each with fewer than the complete set of hostnames) together with the SNI TLS extension.
If you want to use the former solution, all you need to do is acquire correctly constructed certificates. How you do this probably depends on where you're getting your certificates from. Perhaps the certificate vendor has a special user interface for this or perhaps the certificate request generator you're using has options that control it.
If you want to use the latter solution, investigate txSNI:
from txsni.snimap import SNIMap
from txsni.tlsendpoint import TLSEndpoint
from twisted.web.server import Site
from twisted.web.static import Data
from twisted.internet import reactor
from twisted.internet.ssl import Certificate, KeyPair, PrivateCertificate
from twisted.internet.endpoints import serverFromString
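def main(reactor):
    """Serve a static resource over TLS, picking the certificate by SNI hostname.

    Builds a txsni ``SNIMap`` from hostname to certificate options, wraps a
    TCP server endpoint in a ``TLSEndpoint`` that uses that map, starts
    listening and then runs the reactor. Nothing in this snippet calls
    ``main``; the caller is expected to invoke ``main(reactor)``.

    Args:
        reactor: The Twisted reactor to listen on and to run.
    """
    root = Data("", "text/plain")
    site = Site(root)

    def load(key_path, cert_path):
        """Return a PrivateCertificate built from a PEM key file and a PEM certificate file."""
        # The key file holds the server's private key: keep it readable only
        # by the account that runs this service.
        with open(key_path) as key_file:
            key = KeyPair.loadPEM(key_file.read())
        with open(cert_path) as cert_file:
            # Parse the PEM text into a Certificate object;
            # fromCertificateAndKeyPair needs that object, not the raw file
            # contents (the original also read from an undefined name here).
            cert = Certificate.loadPEM(cert_file.read())
        return PrivateCertificate.fromCertificateAndKeyPair(cert, key)

    snimap = SNIMap({
        # NOTE(review): "DEFAULT" is presumably what is served when the
        # client's SNI name matches no other key (or none is sent) - confirm
        # against txsni, and make sure that certificate is one you are
        # willing to present to any client.
        "DEFAULT": load('/etc/apache2/ssl/wc.key', '/etc/apache2/ssl/wc.crt').options(),
        # another_key / another_cert are placeholders for that host's key and
        # certificate paths; define them before running this.
        "another.host.name": load(another_key, another_cert).options(),
        # ... one further entry per additional hostname ...
    })

    # Hand the SNI map to the endpoint as its context factory; without it the
    # map built above is never consulted and no per-host certificate is used.
    # NOTE(review): port 80 is the conventional plaintext-HTTP port, and
    # https:// clients connect to 443 unless the URL names a port. Kept as on
    # the page - confirm the intended port.
    endpoint = TLSEndpoint(serverFromString(reactor, "tcp:80"), snimap)
    endpoint.listen(site)

    reactor.run()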