On Oct 10, 2009 at 14:04, Jan Janak jan@ryngle.com wrote:
On Sat, Oct 10, 2009 at 1:58 PM, Olle E. Johansson oej@edvina.net wrote:
??<title><varname>config</varname> (string)</title> ?? ?? ?? ??<para> ?? ?? ?? ?? ?? ?? ?? ??Sets the name of the TLS specific config file. ?? ?? ?? ??</para> ?? ?? ?? ??<para> ?? ?? ?? ?? ?? ?? ?? ??If set the TLS module will load a special config file, in which different TLS parameters can be specified on a per role (server or client) and domain basis (for now only IPs). The corresponding module parameters will be ignored. ?? ?? ?? ??</para>
Is this still valid - that we only configure tls on IP?
Currently yes. It is on my todo list to extend the configuration file syntax to also support server names, but I am not there yet.
I think this is something that can wait. The server name extension is quite new in openssl (on by default since 1.0). I doubt there are many clients supporting it and unless all or most your clients support it is quite useless (it's used for virtual domains). As a matter of fact does anybody know any? (for testing)
Andrei