commit 23f161ce254d84bf502e6a4c93dd330a2a9b93a4
Author: Tietew <tietew@gmail.com>
Date:   Fri Jul 7 17:23:38 2017 +0900

    Add SNI support to WEBrick.
    
    * lib/webrick/https.rb: servername_cb implementation.
    * lib/webrick/ssl.rb: abstract servername_cb.
    * test/webrick/test_https.rb: test.

diff --git a/lib/webrick/https.rb b/lib/webrick/https.rb
index 73875d7..1494973 100644
--- a/lib/webrick/https.rb
+++ b/lib/webrick/https.rb
@@ -10,6 +10,7 @@
 # $IPR: https.rb,v 1.15 2003/07/22 19:20:42 gotoyuzo Exp $
 
 require 'webrick/ssl'
+require 'webrick/httpserver'
 
 module WEBrick
   module Config
@@ -84,4 +85,51 @@ def meta_vars
 
     # :startdoc:
   end
+
+  ##
+  #--
+  # Fake WEBrick::HTTPRequest for lookup_server
+
+  class SNIRequest
+
+    ##
+    # The SNI hostname
+
+    attr_reader :host
+
+    ##
+    # The socket address of the server
+
+    attr_reader :addr
+
+    ##
+    # The port this request is for
+
+    attr_reader :port
+
+    ##
+    # Creates a new SNIRequest.
+
+    def initialize(sslsocket, hostname)
+      @host = hostname
+      @addr = sslsocket.addr
+      @port = @addr[1]
+    end
+  end
+
+
+  ##
+  #--
+  # Adds SSL functionality to WEBrick::HTTPServer
+
+  class HTTPServer < ::WEBrick::GenericServer
+    ##
+    # ServerNameIndication callback
+
+    def ssl_servername_callback(sslsocket, hostname = nil)
+      req = SNIRequest.new(sslsocket, hostname)
+      server = lookup_server(req)
+      server ? server.ssl_context : nil
+    end
+  end
 end
diff --git a/lib/webrick/ssl.rb b/lib/webrick/ssl.rb
index d626e14..a30cbc3 100644
--- a/lib/webrick/ssl.rb
+++ b/lib/webrick/ssl.rb
@@ -48,6 +48,8 @@ module Config
     #   Number of CA certificates to walk when verifying a certificate chain
     # :SSLVerifyCallback    ::
     #   Custom certificate verification callback
+    # :SSLServerNameCallback::
+    #   Custom servername indication callback
     # :SSLTimeout           ::
     #   Maximum session lifetime
     # :SSLOptions           ::
@@ -193,10 +195,19 @@ def setup_ssl_context(config) # :nodoc:
       ctx.verify_mode = config[:SSLVerifyClient]
       ctx.verify_depth = config[:SSLVerifyDepth]
       ctx.verify_callback = config[:SSLVerifyCallback]
+      ctx.servername_cb = config[:SSLServerNameCallback] || proc { |args| ssl_servername_callback(*args) }
       ctx.timeout = config[:SSLTimeout]
       ctx.options = config[:SSLOptions]
       ctx.ciphers = config[:SSLCiphers]
       ctx
     end
+
+    ##
+    # ServerNameIndication callback
+
+    def ssl_servername_callback(sslsocket, hostname = nil)
+      # default
+    end
+
   end
 end
diff --git a/test/webrick/test_https.rb b/test/webrick/test_https.rb
new file mode 100644
index 0000000..30c8019
--- /dev/null
+++ b/test/webrick/test_https.rb
@@ -0,0 +1,84 @@
+# frozen_string_literal: false
+require "test/unit"
+require "net/http"
+require "webrick"
+require "webrick/https"
+require "webrick/utils"
+require_relative "utils"
+
+class TestWEBrickHTTPS < Test::Unit::TestCase
+  empty_log = Object.new
+  def empty_log.<<(str)
+    assert_equal('', str)
+    self
+  end
+  NoLog = WEBrick::Log.new(empty_log, WEBrick::BasicLog::WARN)
+
+  class HTTPSNITest < ::Net::HTTP
+    attr_accessor :sni_hostname
+
+    def ssl_socket_connect(s, timeout)
+      s.hostname = sni_hostname
+      super
+    end
+  end
+
+  def teardown
+    WEBrick::Utils::TimeoutHandler.terminate
+    super
+  end
+
+  def https_get(addr, port, hostname, path)
+    http = HTTPSNITest.new(addr, port)
+    http.use_ssl = true
+    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+    http.sni_hostname = hostname
+    req = Net::HTTP::Get.new(path)
+    req["Host"] = "#{hostname}:#{port}"
+    http.request(req).body
+  end
+
+  def test_sni
+    config = {
+      :ServerName => "localhost",
+      :SSLEnable => true,
+      :SSLCertName => "/CN=locahost",
+    }
+    TestWEBrick.start_httpserver(config){|server, addr, port, log|
+      server.mount_proc("/") {|req, res| res.body = "master" }
+
+      vhost_config1 = {
+        :ServerName => "vhost1",
+        :Port => port,
+        :DoNotListen => true,
+        :Logger => NoLog,
+        :AccessLog => [],
+        :SSLEnable => true,
+        :SSLCertName => "/CN=vhost1",
+      }
+      vhost1 = WEBrick::HTTPServer.new(vhost_config1)
+      vhost1.mount_proc("/") {|req, res| res.body = "vhost1" }
+      server.virtual_host(vhost1)
+
+      vhost_config2 = {
+        :ServerName => "vhost2",
+        :ServerAlias => ["vhost2alias"],
+        :Port => port,
+        :DoNotListen => true,
+        :Logger => NoLog,
+        :AccessLog => [],
+        :SSLEnable => true,
+        :SSLCertName => "/CN=vhost2",
+      }
+      vhost2 = WEBrick::HTTPServer.new(vhost_config2)
+      vhost2.mount_proc("/") {|req, res| res.body = "vhost2" }
+      server.virtual_host(vhost2)
+
+      assert_equal("master", https_get(addr, port, "localhost", "/localhost"))
+      assert_equal("master", https_get(addr, port, "unknown", "/unknown"))
+      assert_equal("vhost1", https_get(addr, port, "vhost1", "/vhost1"))
+      assert_equal("vhost2", https_get(addr, port, "vhost2", "/vhost2"))
+      assert_equal("vhost2", https_get(addr, port, "vhost2alias", "/vhost2alias"))
+    }
+  end
+end