On Sunday 04 June 2006 15:30, Joao Inacio took the opportunity to write:
On 6/1/06, Jim Flowers jflowers@ezo.net wrote:
FWIW, stunnel can be configured to run multiple instances (one per ip/domain) each with its own certificates and services (pop3s, imaps, https, etc.) connected to the appropriate ip:port (pop3, imap, http, etc.). Very flexible and user friendly as certificates are specific to the domain and users can log on with just username (not username@domain.tld).
It also operates chroot but the certs are read at startup.
Sorry to barge in, but wouldn't several domains, each with its own cert, need different ip addresses?
In practice, yes. Or different ports. RFC 3546 and RFC 4366 define the "server_name" extension to TLS 1.0 and 1.1, respectively. It can be used to tell the server which certificate to use, but I don't think it's widely implemented.
-- Magnus Holmgren holmgren@lysator.liu.se (No Cc of list mail needed, thanks)
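
An added example, not part of the thread and not stunnel code: how a server sharing one IP:port could read the "server_name" extension from a ClientHello and choose a certificate, falling back to a default for clients that send no name. The certificate table, paths and function names are hypothetical, the ClientHello bytes are constructed sample input, and the hello is assumed to fit in a single TLS record.

```python
# Hypothetical per-domain certificate table (names and paths are assumptions).
CERTS = {"mail.example.org": "/etc/ssl/example.org.pem",
         "mail.example.net": "/etc/ssl/example.net.pem"}
DEFAULT_CERT = "/etc/ssl/default.pem"

def build_client_hello(hostname=None):
    """Constructed sample input: a minimal TLS 1.0 ClientHello in one record."""
    u16 = lambda n: n.to_bytes(2, "big")
    body = b"\x03\x01" + bytes(32) + b"\x00"        # version, random, empty session_id
    body += b"\x00\x02\x00\x2f" + b"\x01\x00"       # one cipher suite, null compression
    if hostname is not None:
        name = hostname.encode("ascii")
        entry = b"\x00" + u16(len(name)) + name     # name_type 0 = host_name
        sni = u16(len(entry)) + entry               # ServerNameList
        ext = u16(0) + u16(len(sni)) + sni          # extension type 0 = server_name
        body += u16(len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + u16(len(hs)) + hs           # record type 22 = handshake

def parse_server_name(record):
    """Return the host_name the client sent in server_name, or None if it sent none."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    buf, pos = record[9:9 + int.from_bytes(record[6:9], "big")], 0
    def take(n):                                    # bounds-checked read of n bytes
        nonlocal pos
        if pos + n > len(buf):
            raise ValueError("truncated ClientHello")
        pos += n
        return buf[pos - n:pos]
    def vec(len_bytes):                             # length-prefixed vector
        return take(int.from_bytes(take(len_bytes), "big"))
    take(34)                                        # client_version + random
    for width in (1, 2, 1):                         # session_id, cipher_suites, compression
        vec(width)
    if pos == len(buf):
        return None                                 # no extensions block at all
    buf, pos = vec(2), 0                            # descend into the extensions block
    while pos < len(buf):
        ext_type, ext_data = int.from_bytes(take(2), "big"), vec(2)
        if ext_type == 0:
            buf, pos = ext_data, 0
            buf, pos = vec(2), 0                    # ServerNameList
            while pos < len(buf):
                name_type, name = take(1)[0], vec(2)
                if name_type == 0:
                    return name.decode("ascii").lower()
            return None
    return None

def select_cert(record):
    return CERTS.get(parse_server_name(record), DEFAULT_CERT)
```
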