<html><body><div style="font-family: Arial; font-size: 12pt; color: #000000"><div>After scouring the net I've found several isolated discussions regarding stunnel hostname validation.</div><div>And also some patches that seem to implement hostname validation:</div><div><br></div><div><a href="https://www.stunnel.org/pipermail/stunnel-users/2010-March/002613.html">https://www.stunnel.org/pipermail/stunnel-users/2010-March/002613.html</a></div><div><br></div><div>I have a requirement to have stunnel (4.56) validate client certificates and their identity by comparing the its CNAME against the source address.</div><div><br></div><div>I recall reading one response (which I can't find at the moment) from Marzena Trojnara indicating that this feature won't be supported.</div><div>If so, can you explain the rational?</div><div><br></div><div>Are there sanctioned patches out there today?</div><div><br></div><div><br></div><div>Regards,</div><div>-Fred</div></div></body></html>