[stunnel-users] client side SNI
yyy at yyy.id.lv
Fri Jan 13 21:13:53 CET 2012
> Well... Not really. There is an undocumented method to do it. Use
> "protocolHost" option.
How to use it? Tried simply adding protocolHost=servername into client
configuration section, but it did not work, because server returned
default cert. "servername" in this case is not a recognized DNS name,
it exists only in stunnel configuration files.
Server were able to return proper cert and connect to proper service,
tested it by openssl s_client. (default server is http, additional
server (used with SNI) is vnc, they have different certs).
Here is client configuration (not working):
cert = clcert.crt
key = clkey.key
verify = 2
CAfile = ca.crt
client = yes
> What I'm going to do is to modify "sni" option, to specify client-side
> SNI name in a client-mode section ("client = yes").
>> I am trying to run multiple independent services over the same port
>> there is no DNS infrastructure in place, so those server names
>> would be random strings not refering to anything.
> You don't really need DNS for this.
> You could also specify your names in /etc/hosts on your client.
> stunnel-users mailing list
> stunnel-users at stunnel.org
yyy mailto:yyy at yyy.id.lv
More information about the stunnel-users