[Devel] Re: [Users] TLS setup

Bogdan-Andrei Iancu bogdan at voice-system.ro
Thu Nov 10 20:58:30 CET 2005 

Hi Cesc,

I will take a look to see what about.....have ever you tried something 
similar?

regards,
bogdan

Cesc wrote:

> See this thread at openssl-dev ... the guy has the patch, but the 
> developers in openssl do not seem enthusiastic (i remember once one 
> replied ... but then the guy with the patch didn't say much again ... 
> ). But i guess it will be incorporated some day ... but not soon.
>
> http://www.seagate.cc:8000/message/20051013.172329.898bd9d2.en.html
>
> And, i have no idea how good the patch is ...
>
> Cesc
>
> On 11/3/05, *Bogdan-Andrei Iancu* <bogdan at voice-system.ro 
> <mailto:bogdan at voice-system.ro>> wrote:
>
>     Hi Cesc,
>
>     during a private discussion ( in front of a beer ;) ) you mention
>     there
>     is such extension for openssl - is it right? if so, can you please
>     point
>     to it?
>
>     regards,
>     bogdan
>
>     Cesc wrote:
>
>     >
>     >
>     > On 10/12/05, *Klaus Darilion* <klaus.mailinglists at pernau.at
>     <mailto:klaus.mailinglists at pernau.at>
>     > <mailto:klaus.mailinglists at pernau.at
>     <mailto:klaus.mailinglists at pernau.at>>> wrote:
>     >
>     >     FYI: In rfc3546 (section 3.1), there is an TLS extension
>     targeting
>     >     this
>     >     problem:
>     >
>     >       Specifically, the extensions described in this document are
>     >     designed
>     >        to:
>     >        -  Allow TLS clients to provide to the TLS server the
>     name of the
>     >           server they are contacting.  This functionality is
>     desirable to
>     >           facilitate secure connections to servers that host
>     multiple
>     >           'virtual' servers at a single underlying network address.
>     >
>     >
>     >     AFAIK this is not supported in openssl, only in GNUTLS.
>     >
>     >
>     > This is indeed nice ... but then, do you propose moving ser-tls
>     > implementation from openssl to gnutls? :(   I think it may not be
>     > worth (it means that any testing till now is not-valid) and my
>     guess
>     > is that openssl shall support this anytime soon (this is just a
>     hunch).
>     >
>     > Cesc
>     >
>     >
>     >
>     >------------------------------------------------------------------------
>     >
>     >_______________________________________________
>     >Devel mailing list
>     >Devel at openser.org <mailto:Devel at openser.org>
>     >http://openser.org/cgi-bin/mailman/listinfo/devel
>     >
>     >
>
>

More information about the Devel mailing list