On Thu, Oct 13, 2005 at 07:23:29PM +0200, Peter Sylvester wrote:
> I have put a version of openssl that supports the TLS servername extension
> into our web server. It is based on an openssl development snapshot of
> last week.
> We have split off and simplified the code that was done together with SRP
> last year, and corrected known bugs.
>
> See http://www.edelweb.fr/EdelKey/files/openssl-0.9.8+SERVERNAME.tar.gz
>
> see also http://www.edelweb.fr/EdelKey/
>
> The snapshot was one day before the 0.9.8a announcement, [...]
>
> basically s_client and s_server have been slightly enhanced, and in "ssl"
> the modules that have OPENSSL_NO_TLSEXT contain the new functionality.
> In s23_lib.c it is possible to announce a TLS extension and
> to "ignore it" on the server side, as with s3_lib.
>
> There is one functionality which is not necessary to support the servername
> extension, but only to allow a renegotiation of a session using another
> servername, e.g. when a web server received a "Host: ". This is not yet
> fully tested, and I am not sure whether the implementation is good.
> The idea is to switch the ssl->ctx pointer to another context. The reference
> counting for the ctx is simple, but during an SSL_new there is some
> data "cached" down into the SSL, and, in particular the interesting
> one, the server's certificate. It may not be necessary to switch the
> actual CTX, but rather change the SSL to cache from the "other" CTX.

Great! Can you provide your changes in 'diff -u' format, relative to the
snapshot it was based on?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
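The context-switching design the quoted message describes (pick a different server context once the client's servername is known, so that a different certificate is served), as an added example that is not part of this thread or of the EdelKey patch. It is written against Go's crypto/tls rather than OpenSSL so that it needs no external library: the server keeps one tls.Config per virtual host, selects it from the ClientHello's server_name in the GetConfigForClient hook, and falls back to a default config when the name is absent or unknown, which is the "ignore it" behaviour on the server side. OpenSSL's later servername callback does the same by calling SSL_set_SSL_CTX(); Go swaps the whole per-connection config, so the certificate cached in it travels with the switch, which is the cached-certificate concern the message raises. The host names, the self-signed certificates and the in-memory connection are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned mints a throw-away self-signed certificate for one host name
// (example material, not a real deployment certificate).
func selfSigned(host string) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// hostConfig is the per-virtual-host "context": its own certificate and key.
func hostConfig(host string) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{selfSigned(host)},
		// TLS 1.3 session tickets are written after Finished; over the
		// synchronous net.Pipe used below nobody reads them, so disable them.
		SessionTicketsDisabled: true,
	}
}

// VHosts maps a server_name to its context. Default is served when the client
// sends no server_name or one the server does not know (the "ignore it" case).
type VHosts struct {
	Default *tls.Config
	ByName  map[string]*tls.Config
}

// NewVHosts builds a default context plus one context per named host.
func NewVHosts(defaultHost string, hosts ...string) *VHosts {
	v := &VHosts{Default: hostConfig(defaultHost), ByName: map[string]*tls.Config{}}
	for _, h := range hosts {
		v.ByName[h] = hostConfig(h)
	}
	return v
}

// Select is the dispatch decision: exact match on server_name, else Default.
func (v *VHosts) Select(serverName string) *tls.Config {
	if c, ok := v.ByName[serverName]; ok {
		return c
	}
	return v.Default
}

// ServerConfig hooks Select into the handshake. GetConfigForClient runs once
// the ClientHello is parsed and replaces the connection's config, the Go
// counterpart of switching ssl->ctx before the certificate is sent.
func (v *VHosts) ServerConfig() *tls.Config {
	return &tls.Config{
		GetConfigForClient: func(hello *tls.ClientHelloInfo) (*tls.Config, error) {
			return v.Select(hello.ServerName), nil
		},
	}
}

// HandshakeFor runs one in-memory handshake with the given SNI and returns the
// CommonName of the certificate the server actually presented.
func HandshakeFor(v *VHosts, sni string) (string, error) {
	cli, srv := net.Pipe()
	defer cli.Close()
	defer srv.Close()
	errc := make(chan error, 1)
	go func() { errc <- tls.Server(srv, v.ServerConfig()).Handshake() }()
	// InsecureSkipVerify: the certificates are self-signed test material and
	// the question here is which one is served, not chain validation.
	c := tls.Client(cli, &tls.Config{ServerName: sni, InsecureSkipVerify: true})
	if err := c.Handshake(); err != nil {
		return "", err
	}
	if err := <-errc; err != nil {
		return "", err
	}
	return c.ConnectionState().PeerCertificates[0].Subject.CommonName, nil
}

func main() {
	v := NewVHosts("default.example", "a.example", "b.example")
	for _, sni := range []string{"a.example", "b.example", "unknown.example", ""} {
		cn, err := HandshakeFor(v, sni)
		fmt.Printf("server_name=%q -> certificate for %q (err=%v)\n", sni, cn, err)
	}
}
```

The renegotiation case in the message (a second handshake on the same connection with a different servername) is not exercised here: Go's crypto/tls does not renegotiate, and TLS 1.3 dropped renegotiation altogether, so each name gets its own connection in this example.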