[stunnel-users] stunnel-4.11 patch for multiple certificates

Nick Tolomiczenko nick at neikos.com
Wed Sep 14 21:29:04 CEST 2005

Hi stunnel users,

I placed a patch to stunnel-4.11 that will enable it to handle multiple
certificates. It is currently awaiting moderator approval. For those who
can't wait, please contact myself, Nick Tolomiczenko, or Shem Ali below.

Here's the description of what it does:

This patch addresses the need for service-level ssl contexts. In
particular, the following options which were only available as global
options may now be used at the service level: cert, key, CApath, CAfile,
ciphers, CRLpath, CRLfile, options, client and verify. If any of these
options are used in a service section, stunnel will override its global
setting -- if it exists -- and initialize a separate ssl context for the
service. On the other hand, for those services that do not specify any of
these options, stunnel will fall back on what was specified in the global
section of the configuration file and initialize a "common" ssl context for
those services.


If all services each specified at least one of the above ssl options,
then no "common" ssl context will be initialized since each service
will have its own. In this case, it's still a good idea to put common
default ssl options in the global section as each service will inherit
these settings even if the service initializes its own ssl context.

Brought to you by:

Nick Tolomiczenko: nick at renderquest.com or nick at neikos.com
Shem Ali: shem at renderquest.com
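
The inheritance rule described in the message above, modelled as an added example (not part of the original post and not code from the patch or from stunnel). The sample configuration, its paths and ports, and the function names are constructed for illustration; `weaker_verify` is an extra audit check that flags services whose `verify` override is lower than the global setting.

```python
# Added example modelling the post's rule; not stunnel code. Sample config is constructed.
SSL_OPTS = {"cert", "key", "CApath", "CAfile", "ciphers",
            "CRLpath", "CRLfile", "options", "client", "verify"}

SAMPLE_CONF = """\
cert = /etc/stunnel/default.pem
CAfile = /etc/stunnel/ca.pem
verify = 2
[imaps]
accept = 993
connect = 143
[https-a]
accept = 8443
connect = 8080
cert = /etc/stunnel/site-a.pem
[internal]
accept = 9443
connect = 9000
verify = 0
"""

def parse(text):
    """Split stunnel.conf-style text into (global options, {service: options})."""
    glob, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
        elif line and line[0] not in ";#":
            key, _, value = line.partition("=")
            (glob if current is None else current)[key.strip()] = value.strip()
    return glob, services

def resolve(text):
    """Map each service to (context kind, effective SSL options)."""
    glob, services = parse(text)
    defaults = {k: v for k, v in glob.items() if k in SSL_OPTS}
    out = {}
    for name, opts in services.items():
        own = {k: v for k, v in opts.items() if k in SSL_OPTS}
        # Any SSL option in the section means a separate context; globals still apply.
        out[name] = ("own" if own else "common", {**defaults, **own})
    return out

def weaker_verify(text):
    """Services whose effective 'verify' level is below the global default."""
    base = int(parse(text)[0].get("verify", 0))
    return sorted(n for n, (_, eff) in resolve(text).items()
                  if int(eff.get("verify", 0)) < base)
```

Running `resolve(SAMPLE_CONF)` shows `imaps` sharing the common context while `https-a` and `internal` get their own, each still inheriting the global `CAfile`.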
