Ken Hornstein wrote in <20190627171410.ea24e7b...@pb-smtp21.pobox.com>: |>I use that protected via |> |> #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME | |I did see that ... but I also was worried that since OpenSSL makes no |guarantees that this define will stick around in the future, depending |on that may come back to bite me. I'd rather simply just put it in |unconditionally and force everyone to be using 1.0.0 or newer.
Fair enough. Though i am afraid that regarding OpenSSL bit rot will have to be expected; the _CTRL_ series looked the most stable to me. Thinking about it, the "ext" in SSL_set_tlsext_host_name could appear strange in five years from now. Btw. i was lazy and simply call this function, even if SSLv3 was still around by then (more than today): OpenSSL and derivates do not perform any checks, it is just that the hostname set will be used for SNI if possible, and not otherwise. Unlikely this has changed. (Despite that noone uses SSLv3 no more.) --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) -- nmh-workers https://lists.nongnu.org/mailman/listinfo/nmh-workers