[stunnel-users] SNI support in OpenSSL
Guillermo Rodriguez Garcia
guille.rodriguez at gmail.com
Sun May 8 13:54:49 CEST 2016
Hello all,

The stunnel documentation says that SNI requires stunnel to be linked
with OpenSSL >= 1.0.0. However, SNI is supported in OpenSSL since
0.9.8f (and actually enabled by default since 0.9.8k).

For 0.9.8f and later, OPENSSL_NO_TLSEXT will be defined if TLS
extension support (including SNI support) is not compiled into
OpenSSL.

Taking the above into account, the OpenSSL version check in stunnel
(src/common.h) could be relaxed a bit. Instead of:

#if OPENSSL_VERSION_NUMBER<0x10000000L
#define OPENSSL_NO_TLSEXT
#define OPENSSL_NO_PSK
#endif /* OpenSSL older than 1.0.0 */

this could be:

#if OPENSSL_VERSION_NUMBER<0x00908060L
#define OPENSSL_NO_TLSEXT
#endif /* OpenSSL older than 0.9.8f */
#if OPENSSL_VERSION_NUMBER<0x10000000L
#define OPENSSL_NO_PSK
#endif /* OpenSSL older than 1.0.0 */

This would enable SNI on systems using 0.9.8 (Mac OS X for example).

Best regards,
Guillermo Rodriguez Garcia
guille.rodriguez at gmail.com
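
The effect of the two checks quoted in the message, modelled as plain C functions over OPENSSL_VERSION_NUMBER values (an added example, not part of the original message or of stunnel's source). The function names and the lib_no_tlsext parameter, which stands for OpenSSL's own headers having defined OPENSSL_NO_TLSEXT, are assumptions; the sample version numbers are constructed from OpenSSL's pre-3.0 MNNFFPPS encoding.

```c
#include <stdio.h>
#include <string.h>

/* Thresholds taken from the two checks quoted in the message. */
#define V_0_9_8F 0x00908060L /* proposed TLSEXT threshold */
#define V_1_0_0  0x10000000L /* current TLSEXT and PSK threshold */

/* Decode the pre-3.0 MNNFFPPS layout, e.g. 0x0090806fL -> "0.9.8f". */
static const char *ossl_version_str(unsigned long v, char *buf, size_t len)
{
    unsigned patch = (unsigned)(v >> 4) & 0xff;
    char suffix[3] = { 0, 0, 0 };
    if (patch >= 1 && patch <= 26) {
        suffix[0] = (char)('a' + patch - 1);
    } else if (patch >= 27 && patch <= 52) {  /* "za".."zz" */
        suffix[0] = 'z';
        suffix[1] = (char)('a' + patch - 27);
    }
    snprintf(buf, len, "%lu.%lu.%lu%s", (v >> 28) & 0xf,
             (v >> 20) & 0xff, (v >> 12) & 0xff, suffix);
    return buf;
}

/* lib_no_tlsext: OpenSSL's own headers already define OPENSSL_NO_TLSEXT. */
static int sni_current(unsigned long v, int lib_no_tlsext)
{
    return !(lib_no_tlsext || v < V_1_0_0);
}

static int sni_proposed(unsigned long v, int lib_no_tlsext)
{
    return !(lib_no_tlsext || v < V_0_9_8F);
}

int main(void)
{
    /* Constructed samples: 0.9.8e, 0.9.8f, 0.9.8j built without TLS
       extensions, 0.9.8zh, 1.0.0. */
    static const struct { unsigned long v; int no_tlsext; } s[] = {
        { 0x0090805fL, 0 }, { 0x0090806fL, 0 }, { 0x009080afL, 1 },
        { 0x0090822fL, 0 }, { 0x1000000fL, 0 },
    };
    char buf[16];
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("%-8s no_tlsext=%d  SNI current=%d proposed=%d\n",
               ossl_version_str(s[i].v, buf, sizeof buf), s[i].no_tlsext,
               sni_current(s[i].v, s[i].no_tlsext),
               sni_proposed(s[i].v, s[i].no_tlsext));
    return 0;
}
```

Only the 0.9.8f through 0.9.8zh rows change between the two columns, and a 0.9.8 build whose headers define OPENSSL_NO_TLSEXT stays without SNI under either check.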