Hello all,
The stunnel documentation says that SNI requires stunnel to be linked with OpenSSL >= 1.0.0. However, SNI is supported in OpenSSL since 0.9.8f (and actually enabled by default since 0.9.8k).
For 0.9.8f and later, OPENSSL_NO_TLSEXT will be defined if TLS extension support (including SNI support) is not compiled into OpenSSL.
Taking the above into account, the OpenSSL version check in stunnel (src/common.h) could be relaxed a bit. Instead of:
#if OPENSSL_VERSION_NUMBER<0x10000000L
#define OPENSSL_NO_TLSEXT
#define OPENSSL_NO_PSK
#endif /* OpenSSL older than 1.0.0 */
this could be:
#if OPENSSL_VERSION_NUMBER<0x00908060L
#define OPENSSL_NO_TLSEXT
#endif /* OpenSSL older than 0.9.8f */
#if OPENSSL_VERSION_NUMBER<0x10000000L
#define OPENSSL_NO_PSK
#endif /* OpenSSL older than 1.0.0 */
This would enable SNI on systems using 0.9.8 (Mac OS X for example).
Best regards,
Guillermo Rodriguez Garcia guille.rodriguez@gmail.com
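
Added example, not part of the original message and not stunnel code: a small C model of the two version gates quoted above, showing which OpenSSL releases would gain SNI under the proposed check. The function names and sample version numbers are constructed for illustration; the lib_no_tlsext flag stands in for OpenSSL's own headers defining OPENSSL_NO_TLSEXT.

```c
#include <stdio.h>
#include <string.h>

/* Cut-off values copied from the message above. */
#define GATE_0_9_8F 0x00908060L /* proposed cut-off for TLS extensions */
#define GATE_1_0_0  0x10000000L /* existing cut-off (still used for PSK) */

/* Decode the pre-3.0 OPENSSL_VERSION_NUMBER layout 0xMNNFFPPS
 * (major, minor, fix, patch letter, status) into e.g. "0.9.8f". */
static const char *ver_str(long v, char *buf, size_t n) {
    int patch = (int)((v >> 4) & 0xff);
    int len = snprintf(buf, n, "%ld.%ld.%ld",
                       (v >> 28) & 0xf, (v >> 20) & 0xff, (v >> 12) & 0xff);
    if (patch > 0 && patch <= 26 && len > 0 && (size_t)len + 1 < n) {
        buf[len] = (char)('a' + patch - 1); /* patch 1 -> 'a', 6 -> 'f' */
        buf[len + 1] = '\0';
    }
    return buf;
}

/* SNI is usable only if neither the version gate nor the OpenSSL build
 * itself (lib_no_tlsext != 0) defines OPENSSL_NO_TLSEXT. */
static int sni_current(long v, int lib_no_tlsext) {
    return !(v < GATE_1_0_0) && !lib_no_tlsext;
}

static int sni_proposed(long v, int lib_no_tlsext) {
    return !(v < GATE_0_9_8F) && !lib_no_tlsext;
}

int main(void) {
    /* Constructed sample inputs: version number, library built without tlsext? */
    struct { long v; int lib_no_tlsext; } s[] = {
        { 0x0090805fL, 0 }, /* 0.9.8e: predates TLS extension support */
        { 0x0090806fL, 1 }, /* 0.9.8f, TLS extensions not compiled in */
        { 0x0090806fL, 0 }, /* 0.9.8f, TLS extensions compiled in */
        { 0x009080bfL, 0 }, /* 0.9.8k, extensions enabled by default */
        { 0x1000000fL, 0 }, /* 1.0.0 */
    };
    char buf[16];
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("%-7s lib_no_tlsext=%d  current=%d  proposed=%d\n",
               ver_str(s[i].v, buf, sizeof buf), s[i].lib_no_tlsext,
               sni_current(s[i].v, s[i].lib_no_tlsext),
               sni_proposed(s[i].v, s[i].lib_no_tlsext));
    return 0;
}
```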