2010/1/17 Dr. Stephen Henson <st...@openssl.org> > On Sun, Jan 17, 2010, Josselin Jacquard wrote: > > > Thanks for your response. > > Let's say A wants to contact B with SSL. > > A send a ssl request to B, but C instead of B answers, because C and B > have > > the same address (maybe there are behind the same NAT). > > C was expecting a call from A, so he accepts the connection. > > > > What I'm trying to do is that I want C to detects that he wasn't the > > destination, therefore I want to put B name in the SSL connection, but > not > > in the cert issuing from A, because I don't want to issue a new cert for > > each destination. > > > > Is it better explained ? > > > > What is the application layer flag you are talking about ? I didn't find > > that in ssl doc... > > > > That sounds like the server name indication (SNI) extension which OpenSSL > supports already. >
Yep that's it, it will do for my case, because every server and client got an identification id, I will just have to putt this id into SNI. I had a kick look, but can you provide me with some info (openssl version needed and maybe a link to the corresponding api ?) Thanks in advance Joss > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
