On 11/07/2014 01:28 PM, Wietse Venema wrote: > What stops us from implementing SNI? Looking at some on-line > posts, this involes one SSL_CTX per certificate and one call-back > that looks up the desired server name with SSL_get_servername() > and that sets the corresponding context with SSL_set_SSL_CTX().
So, in layman's terms, if I understand you correctly, you're saying that in order to implement SNI in postfix we would require a list of server names and then have to repeatedly call the OpenSSL library for each each name until one matches or we exhaust the list of names? Peter
