Well... Not really. There is an undocumented method to do it. Use "protocolHost" option.
How to use it? Tried simply adding protocolHost=servername into client configuration section, but it did not work, because server returned default cert. "servername" in this case is not a recognized DNS name, it exists only in stunnel configuration files. Server was able to return proper cert and connect to proper service, tested it by openssl s_client. (default server is http, additional server (used with SNI) is vnc, they have different certs). Here is client configuration (not working):

[sni-client]
cert = clcert.crt
key = clkey.key
verify = 2
CAfile = ca.crt
client = yes
accept=5992
protocolHost=servername:443
connect=yyy.id.lv:443
TIMEOUTclose=0

What I'm going to do is to modify "sni" option, to specify client-side SNI name in a client-mode section ("client = yes").
I am trying to run multiple independent services over the same port. There is no DNS infrastructure in place, so those server names would be random strings not referring to anything.
You don't really need DNS for this. You could also specify your names in /etc/hosts on your client.
Mike
_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
http://stunnel.mirt.net/mailman/listinfo/stunnel-users