This patch addresses the need for service-level SSL contexts. In particular, the following options, which were previously available only as global options, may now be used at the service level: cert, key, CApath, CAfile, ciphers, CRLpath, CRLfile, options, client and verify. If any of these options is used in a service section, stunnel overrides the global setting, if one exists, and initializes a separate SSL context for that service. Services that do not specify any of these options fall back on what was specified in the global section of the configuration file, and stunnel initializes one "common" SSL context for those services.
Note:
If every service specifies at least one of the above SSL options, no "common" SSL context is initialized, since each service has its own. In this case, it's still a good idea to put common default SSL options in the global section, as each service inherits these settings even if it initializes its own SSL context.
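
The inheritance rule described above, modelled as an added example (it is not part of the patch or of stunnel's code): the script parses a constructed stunnel.conf, resolves each service's effective SSL options, and reports whether the service would get a dedicated context or share the common one. The file paths, service names and function names are assumptions made for illustration, and repeated "options" lines are not accumulated in this model.

```python
# Model of the inheritance rule described above (not stunnel's own code).
SSL_OPTS = {"cert", "key", "capath", "cafile", "ciphers",
            "crlpath", "crlfile", "options", "client", "verify"}

# Constructed sample configuration; paths and service names are made up.
SAMPLE_CONF = """\
cert = /etc/stunnel/default.pem
CAfile = /etc/stunnel/ca.pem
verify = 1

[https]
accept = 443
connect = 8080

[admin]
accept = 8443
connect = 9090
cert = /etc/stunnel/admin.pem
verify = 2

[upstream]
client = yes
accept = 127.0.0.1:2525
connect = mail.example.com:465
"""

def resolve_contexts(conf_text):
    """Return {service: (context_kind, effective_ssl_options)}."""
    global_opts, services, current = {}, {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
            continue
        name, _, value = line.partition("=")
        name = name.strip().lower()
        if name in SSL_OPTS:                     # non-SSL options are ignored by this model
            target = global_opts if current is None else current
            target[name] = value.strip()
    result = {}
    for svc, own in services.items():
        kind = "dedicated" if own else "common"  # any SSL option in the section triggers it
        result[svc] = (kind, {**global_opts, **own})  # service value overrides global
    return result

def common_context_needed(resolved):
    return any(kind == "common" for kind, _ in resolved.values())
```

Running resolve_contexts(SAMPLE_CONF) shows that the admin service keeps the global CAfile while replacing cert and verify, which is the reason for keeping sensible defaults in the global section even when every service has its own context.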
Brought to you by:
Nick Tolomiczenko: nick@renderquest.com or nick@neikos.com
Shem Ali: shem@renderquest.com