On Sun, Jan 17, 2010, Josselin Jacquard wrote: > Thanks for your response. > Let's say A wants to contact B with SSL. > A send a ssl request to B, but C instead of B answers, because C and B have > the same address (maybe there are behind the same NAT). > C was expecting a call from A, so he accepts the connection. > > What I'm trying to do is that I want C to detects that he wasn't the > destination, therefore I want to put B name in the SSL connection, but not > in the cert issuing from A, because I don't want to issue a new cert for > each destination. > > Is it better explained ? > > What is the application layer flag you are talking about ? I didn't find > that in ssl doc... >
That sounds like the server name indication (SNI) extension which OpenSSL supports already. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
