Reputation: 1292
HTTPS client - certificate
I write raw HTTPS client in C - a program that takes domain name, resolves it to IP address (via DNS), connects to the IP address on port 443 (SSL), performs SSL handshake and then sends HTTP request via the SSL socket.
To try this program I have a domain hosted on a webserver. I installed Let's encrypt certificate for the domain.
I found out that there are many domain names sharing the same IP address as my domain. So when I connect to the IP address on port 443 to perform SSL handshake who ensures that mydomain's SSL certificate will be sent from the server to the client and not another certificate belonging to other domain name sharing the same IP address?
Upvotes: 0
Views: 131
Answers (1)
Reputation: 55718
There exists a TLS extension called Server Name Indication (SNI) which is widely used (and is e.g. require for http/2 clients). You can find the formal specification of this extension in RFC 6066.
Using SNI, a client can send a desired hostname in its Hello request which allows the server to select a matching key/certificate combination for this connection.
Upvotes: 2
Related Questions
- How exactly TLS/SSL works regarding client certificate?
- How do client certificates work?
- Sending Client certificates in web browser
- Client certificate authentication
- SSL certificate for client
- Establishing connection to HTTPS using client certificates
- Client Certificates
- SSL Client Certificate authentication
- passing the Client certificate over HTTP
- Use Server Certificate As Client Certificate