Jeremie Le Hen wrote:
> You have to use Server Name Indication, which is basically a "Host:" equivalent header at the TLS level.
> However, AFAIK, stunnel doesn't support this.

Support for Server Name Indication is already on my TODO list: http://stunnel.mirt.net/?page=todo_sdf
Implementation should be possible with the SSL_CTX_set_tlsext_servername_callback() function introduced by recent versions of OpenSSL. I found some patches for mod_ssl to support the SNI extension.
stunnel.conf changes would probably introduce a new service endpoint option called "serverName" or "SNI". These sections would not be available directly (with an "accept" endpoint option), but would instead be switched to when the SNI TLS extension is received.
Anyone willing to sponsor this feature?
Best regards, Mike
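
Added example, not part of the original message and not stunnel code: Python's `ssl` module exposes OpenSSL's servername callback as `SSLContext.sni_callback`, so the section switch described above can be exercised with an in-memory ClientHello. The host names, the section names and the rule that unknown or absent names stay on the accepting section are assumptions made for this sketch.

```python
import ssl

# Constructed mapping: SNI name -> hypothetical stunnel.conf section that has
# no "accept" option of its own and is only reachable through SNI.
SNI_SECTIONS = {"mail.example.org": "imaps-mail", "www.example.org": "https-www"}

def make_server_context(chosen):
    """Context of the accepting section, with the SNI hook installed."""
    contexts = {s: ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
                for s in SNI_SECTIONS.values()}
    accept_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)

    def on_sni(sslobj, server_name, _ctx):
        # server_name is None when the client sent no SNI extension.
        section = SNI_SECTIONS.get((server_name or "").lower())
        if section is not None:
            sslobj.context = contexts[section]  # switch section mid-handshake
        chosen.append(section or "default")
        return None  # None lets the handshake continue

    accept_ctx.sni_callback = on_sni
    return accept_ctx

def route(client_hostname):
    """Feed one in-memory ClientHello to the server; return the section used."""
    chosen = []
    server_ctx = make_server_context(chosen)
    client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    client_ctx.check_hostname = False      # demo only: no handshake completes
    client_ctx.verify_mode = ssl.CERT_NONE
    c_in, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    s_in, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname=client_hostname)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    try:
        client.do_handshake()              # writes the ClientHello to c_out
    except ssl.SSLWantReadError:
        pass
    s_in.write(c_out.read())
    try:
        server.do_handshake()              # runs on_sni while parsing the hello
    except ssl.SSLError:
        pass                               # expected: no certificates are loaded
    return chosen[0] if chosen else "default"

if __name__ == "__main__":
    for name in ("mail.example.org", "other.example.net", None):
        print(name, "->", route(name))
```

In a real deployment each per-section context would load its own certificate and key, which is what lets one listening port present a different certificate per host name.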