Simon, I understand you are talking about the client side SNI support. Miha's reply is probably about the utility of synapse server side support for SNI.
Attached is a patch that supports client side SNI. You need OpenSSL 0.9.8k or later to get this working. The server name sent to the host is the hostname used in the http header and extracted from the url. You can override the server name with a new string property TCustomSSL.SNIHost. Note that this patch includes my previous patches (openssl and cryptlib) sent recently. I haven't tested this with older versions of OpenSSL but looking at the OpenSSL code there is no harm done calling SSL_ctrl using undefined cmd parameters. Support for the SSL_CTRL_SET_TLSEXT_HOSTNAME can also be disabled when compiling openssl which confirms the no harm done. My only worry is the hardcoding of const SSL_CTRL_SET_TLSEXT_HOSTNAME in ssl_openssl_lib. I don't know how stable the openssl api has been so far. Lukas, can you shed your light on this? I see there are more hardcoded constants in ssl_openssl_lib. Ludo -----Message d'origine----- De : Simon L [mailto:sim...@gmail.com] Envoyé : mercredi 23 février 2011 17:03 À : synalist-public@lists.sourceforge.net Objet : [Synalist] [Feature Request] Https/SNI (Server Name Indication)Support Hello Lukas, Apache now supports multiple SSL sites on a single IP address: http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI To take advantage of this feature, client software needs to implement Server Name Indication (documented in RFC 4366) Most Web browsers now support SNI. It would be great if you add this feature to Synapse HTTPSend. Thank you. Simon ---------------------------------------------------------------------------- -- Free Software Download: Index, Search & Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev _______________________________________________ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
sni.diff
Description: Binary data
------------------------------------------------------------------------------ Free Software Download: Index, Search & Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev
_______________________________________________ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
