
Re: [nmh-workers] Making OpenSSL 1.0.2 minimum version

2019-06-27 12:52:04
Ken Hornstein wrote in <20190627171410.EA24E7B189@pb-smtp21.pobox.com>:
 |>I use that protected via
 |>
 |>  #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 |
 |I did see that ... but I also was worried that since OpenSSL makes no
 |guarantees that this define will stick around in the future, depending
 |on that may come back to bite me.  I'd rather simply just put it in
 |unconditionally and force everyone to be using 1.0.0 or newer.

Fair enough.  Though i am afraid that regarding OpenSSL bit rot
will have to be expected; the _CTRL_ series looked the most stable
to me.  Thinking about it, the "ext" in SSL_set_tlsext_host_name
could appear strange in five years from now.  Btw. i was lazy and
simply call this function, even if SSLv3 was still around by
then (more than today): OpenSSL and derivatives do not perform any
checks, it is just that the hostname set will be used for SNI if
possible, and not otherwise.  Unlikely this has changed.  (Despite
that no one uses SSLv3 any more.)

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

-- 
nmh-workers
https://lists.nongnu.org/mailman/listinfo/nmh-workers
