[stunnel-users] stunnel-4.11 patch for multiple certificates
Nick Tolomiczenko
nick at neikos.com
Wed Sep 14 21:02:49 CEST 2005
This patch addresses the need for service-level ssl contexts. In
particular, the following options which were only available as global
options may now be used at the service level: cert, key, CApath, CAfile,
ciphers, CRLpath, CRLfile, options, client and verify. If any of these
options are used in a service section, stunnel will override its global
setting -- if it exists -- and initialize a separate ssl context for the
service. On the other hand, for those services that do not specify any of
these options, stunnel will fall back on what was specified in the global
section of the configuration file and intialize a "common" ssl context for
those services.
Note:
If all services each specified at least one the the above ssl options,
then the no "common" ssl context will be initialized since each service
will have its own. In this case, it's still a good idea to put common
default ssl options in the global section as each service will inherit
these settings even if the service initializes its own ssl context.
Brought to you by:
Nick Tolomiczenko: nick at renderquest.com or nick at neikos.com
Shem Ali: shem at renderquest.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: stunnel-4.11.mult_certs.patch
Type: application/octet-stream
Size: 54116 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20050914/0066a3fb/attachment.obj>
More information about the stunnel-users
mailing list