[stunnel-users] SNI support in OpenSSL

Guillermo Rodriguez Garcia guille.rodriguez at gmail.com
Sun May 8 13:54:49 CEST 2016


Hello all,

The stunnel documentation says that SNI requires stunnel to be linked
with OpenSSL >= 1.0.0. However, SNI has been supported in OpenSSL since
0.9.8f (and actually enabled by default since 0.9.8k).

For 0.9.8f and later, OPENSSL_NO_TLSEXT will be defined if TLS
extension support (including SNI support) is not compiled into
OpenSSL.

Taking the above into account, the OpenSSL version check in stunnel
(src/common.h) could be relaxed a bit. Instead of:

#if OPENSSL_VERSION_NUMBER<0x10000000L
#define OPENSSL_NO_TLSEXT
#define OPENSSL_NO_PSK
#endif /* OpenSSL older than 1.0.0 */

this could be:

#if OPENSSL_VERSION_NUMBER<0x00908060L
#define OPENSSL_NO_TLSEXT
#endif /* OpenSSL older than 0.9.8f */

#if OPENSSL_VERSION_NUMBER<0x10000000L
#define OPENSSL_NO_PSK
#endif /* OpenSSL older than 1.0.0 */

This would enable SNI on systems using 0.9.8 (Mac OS X for example).

Best regards,

Guillermo Rodriguez Garcia
guille.rodriguez at gmail.com
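
Added example, not part of the original post or of stunnel's source: a small C program that decodes the pre-3.0 OPENSSL_VERSION_NUMBER layout (0xMNNFFPPS) and applies the two thresholds discussed above, showing why 0x00908060L marks 0.9.8f. The function names and sample version values are constructed for illustration; the no_tlsext_in_headers flag is an assumption that models OpenSSL's own headers defining OPENSSL_NO_TLSEXT.

```c
#include <stdio.h>
#include <string.h>

/* Pre-3.0 OPENSSL_VERSION_NUMBER layout: 0xMNNFFPPS
 * M major, NN minor, FF fix, PP patch (1='a', 2='b', ...),
 * S status (0 = dev, f = release). */
#define SNI_MIN_VERSION 0x00908060L /* threshold proposed in the post: 0.9.8f */
#define PSK_MIN_VERSION 0x10000000L /* threshold already in stunnel: 1.0.0 */

/* Render a version number as e.g. "0.9.8f"; returns buf.
 * Patch values above 26 are printed without a letter suffix. */
const char *openssl_version_str(unsigned long v, char *buf, size_t len) {
    unsigned major = (v >> 28) & 0xf, minor = (v >> 20) & 0xff;
    unsigned fix = (v >> 12) & 0xff, patch = (v >> 4) & 0xff;
    if (patch >= 1 && patch <= 26)
        snprintf(buf, len, "%u.%u.%u%c", major, minor, fix,
                 'a' + (int)patch - 1);
    else
        snprintf(buf, len, "%u.%u.%u", major, minor, fix);
    return buf;
}

/* Mirrors the proposed preprocessor logic: SNI is compiled out when the
 * library is older than 0.9.8f, or when OpenSSL's own headers already
 * define OPENSSL_NO_TLSEXT (hypothetical flag: no_tlsext_in_headers). */
int sni_available(unsigned long v, int no_tlsext_in_headers) {
    if (v < SNI_MIN_VERSION)
        return 0;
    return !no_tlsext_in_headers;
}

/* PSK keeps the original 1.0.0 requirement. */
int psk_available(unsigned long v) { return v >= PSK_MIN_VERSION; }

int main(void) {
    /* Constructed sample values: 0.9.8e, 0.9.8f, 0.9.8k, 1.0.0 releases */
    unsigned long samples[] = { 0x0090805fL, 0x0090806fL,
                                0x009080bfL, 0x1000000fL };
    char buf[16];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-8s SNI=%d PSK=%d\n",
               openssl_version_str(samples[i], buf, sizeof buf),
               sni_available(samples[i], 0), psk_available(samples[i]));
    return 0;
}
```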


