Peter:
> On 11/07/2014 01:28 PM, Wietse Venema wrote:
> > What stops us from implementing SNI? Looking at some on-line
> > posts, this involves one SSL_CTX per certificate and one call-back
> > that looks up the desired server name with SSL_get_servername()
> > and that sets the corresponding context with SSL_set_SSL_CTX().
>
> So, in layman's terms, if I understand you correctly, you're saying that
> in order to implement SNI in postfix we would require a list of server
> names and then have to repeatedly call the OpenSSL library for each
> name until one matches or we exhaust the list of names?

Postfix gets the client-specified servername with SSL_get_servername(),
and then it uses the SSL_CTX for that servername.

	Wietse
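
The lookup described in the reply above, as an added example that is not Postfix code and not part of the original thread: Python's ssl module exposes the same OpenSSL mechanism, with sni_callback as the servername callback and assignment to the connection's context as the SSL_set_SSL_CTX() step. The host names are constructed, and no certificates are loaded, so the handshake is driven only far enough for the server to process the ClientHello.

```python
import ssl

# Constructed names (assumptions). A real server would load each name's
# certificate chain and key into its context with load_cert_chain().
NAMES = ("mail.example.com", "mx.example.org")
CONTEXTS = {name: ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) for name in NAMES}
DEFAULT_CTX = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
seen = []  # names the callback received, kept for inspection

def sni_callback(sslobj, servername, initial_ctx):
    """Runs once per handshake with the name the client sent (or None)."""
    seen.append(servername)
    # One keyed lookup on the client-supplied name; the server does not
    # call into OpenSSL once per configured name.
    ctx = CONTEXTS.get((servername or "").lower())
    if ctx is not None:
        sslobj.context = ctx  # CPython calls SSL_set_SSL_CTX() here
    # Unknown or absent name: stay on the default context.
    return None

DEFAULT_CTX.sni_callback = sni_callback

def context_for(client_sni):
    """Feed one ClientHello carrying client_sni to the server side and
    return the SSLContext the connection ended up on."""
    client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    c_in, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    s_in, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname=client_sni)
    server = DEFAULT_CTX.wrap_bio(s_in, s_out, server_side=True)
    try:
        client.do_handshake()
    except ssl.SSLWantReadError:
        pass  # the ClientHello is now waiting in c_out
    s_in.write(c_out.read())
    try:
        server.do_handshake()
    except ssl.SSLError:
        pass  # expected: no certificates are loaded in this sketch
    return server.context

if __name__ == "__main__":
    for name in ("mail.example.com", "unknown.example.net"):
        chosen = context_for(name)
        print(name, "->", "default" if chosen is DEFAULT_CTX else "own context")
```
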