Ken Hornstein <[email protected]> wrote:
> When researching the issue Michael Richardson brought up today, it made
> me realize we really should be calling SSL_set_tlsext_host_name() so we
> send the TLS extension "server name indicator". Which is easy, it's
> literally one line of code. But that makes me ask a larger question: we
> have some autoconf goo to support older libraries (pre OpenSSL 1.0.2)
> that didn't support the function X509_VERIFY_PARAM_set1_host(), and I
> lack the energy to research if SSL_set_tlsext_host_name() exists in
> pre-1.0.2 OpenSSL. I think at this point we should consider OpenSSL
> 1.0.2 the minimum supported version of OpenSSL for nmh. This would
> guarantee we are doing TLS 1.2 everywhere and clean up some #ifdefs.
> Objections?

I concur. If you have <1.0.2, then you probably don't have useful TLS, and
should build without it.

--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [
-- nmh-workers https://lists.nongnu.org/mailman/listinfo/nmh-workers
