+1, to both! Thanks.
On Tue, May 12, 2015 at 9:31 PM, Jeff Trawick <traw...@gmail.com> wrote: > ... where "OCSP stapling" means "get the server to do the related work but > don't care what you get back". > > Perhaps this doesn't save any time for anybody that would want to test such > a thing, but who knows? > > Index: support/ab.c > =================================================================== > --- support/ab.c (revision 1679028) > +++ support/ab.c (working copy) > @@ -1287,6 +1287,8 @@ > bio = BIO_new_socket(fd, BIO_NOCLOSE); > SSL_set_bio(c->ssl, bio, bio); > SSL_set_connect_state(c->ssl); > + SSL_set_tlsext_host_name(c->ssl, hostname); > + SSL_set_tlsext_status_type(c->ssl, TLSEXT_STATUSTYPE_ocsp); > if (verbosity >= 4) { > BIO_set_callback(bio, ssl_print_cb); > BIO_set_callback_arg(bio, (void *)bio_err); > > The lack of SNI is a pretty big hole now; it probably doesn't need much > extra in the way of #if/if to do the right thing. >