diff options
author | Phil Pennock <pdp@exim.org> | 2012-05-17 02:53:44 -0400 |
---|---|---|
committer | Phil Pennock <pdp@exim.org> | 2012-05-17 02:53:44 -0400 |
commit | 1365611d62f130d0a096b322656b5b790628d2c7 (patch) | |
tree | 1faa2d23d0a5f8b638669c96960900db43a02488 /test/mail/5002.new | |
parent | b34fc30c7704c469a25b5a933fc38867f5128630 (diff) |
Get TLS SNI server-switching working with GnuTLS.
Registering a cert/key in an x509 credentials *adds* them, and there's
no way to remove them, so we need a shiny new x509_cred each time the
key/cert change.
Since we avoid re-expanding unless tls_sni appears in tls_certificate,
we've mostly avoided the expense unless SNI is in use, and the extra
loading should be minimal, as everything should be in buffer/cache from
a few microseconds beforehand.
This code tested with GnuTLS and OpenSSL clients, without TLS
extensions, with servername, and verifying we do now get the correct
cert.
Diffstat (limited to 'test/mail/5002.new')
0 files changed, 0 insertions, 0 deletions