
You don't seem to support TLS...

johnathonwright
My server is using TLS SNI to host multiple secure certificates on the same machine. Prince apparently doesn't support that and doesn't render the images at all. My understanding is that TLS is SSL4 except it was different enough that it needed to be renamed.

Here's the entry from the log file. This server hosts the same application several times (environments are at different versions) ... edge.domain.com has the latest/greatest code, staging.domain.com is predeploy testing, http://www.domain.com is production, etc.... we added an SSL certificate to edge because we've had some issues where SSL was causing a problem once we deployed to production. We wanted not to be surprised in production so we added a cert to edge.

warning: SSL: certificate subject name 'www.domain.com' does not match target host name 'edge.domain.com'

mikeday
From the error message it sounds like the certificate doesn't match the domain. Do you get this error if you use wget, curl, or a browser to access the URL?

johnathonwright
SNI (server name indication) is a new bit that's included in TLS (which should probably have been called SSL4)... traditionally, you were only allowed one SSL cert per IP because you had to do the handshake that included the domain name AFTER you started encryption. However, SNI lets you start an encrypted session with ANY certificate, do the handshake, and then switch certs. Because the default cert is for www, that's the one that is used when SNI isn't supported, so that's the one you're seeing.

mikeday
Right, this is going to come down to a question of which curl library and OpenSSL library Prince is using on your platform. The ideal solution is to use a dynamically linked build of Prince, so that it uses the latest libraries you have installed, assuming you are running Prince on Linux; which platform are you running on?