On 2014/03/28 22:09, Philip Guenther wrote: > On Thu, Mar 27, 2014 at 3:33 AM, Jérémie Courrèges-Anglas > <[email protected]> wrote: > > Thanks sthen@ for noticing it, ftp(1) doesn't perform SNI, Server Name > > Indication. (try eg. https://www.stunnel.org/) > > > > Here's a diff to improve the situation (first and last hunks). While > > I can get some eyes for a review, let's add some more changes. ;) > > The other changes look ok to me, but I am unable to find any > documentation SSL_set_tlsext_host_name() to reassure me that it's > being used correctly here, or even that it's useful. > > :-( > > > Philip Guenther >
Given that they don't even document that there's an environment variable which overrides the system CA cert.pem path (which is kind-of security-important information), I think this is pretty much par for the course :(
