<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 10/08/2012 07:22 PM, Emmanuel Egensperger wrote:
<blockquote
cite="mid:1349716970.58055.YahooMailNeo@web171402.mail.ir2.yahoo.com"
type="cite">
<div>
<div><br>
<div> <br>
</div>
<div> Is there any solution to my problem ? Have I done
something wrong ? </div>
<br>
</div>
</div>
</blockquote>
<br>
I use a small patch for this, it also passes some more "nice to
know" stuff to the application running "behind" stunnel. I agree
that this patch might be shooting a bit over your target, but anyhow
that is how I do it myself. <br>
<br>
Patch description;<br>
-----------------------------------------------------------------------<br>
Allows passing of crypto parameters for the current client to the<br>
server "behind" stunnel. This allows the application in the server<br>
to take the crypto level and client-ip:port into account when<br>
offering a service (or not).<br>
<br>
The client info is passed as the *first* line before the normal<br>
unencrypted data stream from the client.<br>
<br>
Example "192.168.10.53:53353;ECDHE-RSA-RC4-SHA"<br>
-----------------------------------------------------------------------<br>
<br>
The crypto level is nice to know as stunnel can be configured to
allow weaker cryptos (for backwards compatibility with older
browsers). When the application sees a weak crypto it can require a
one-time password as authentication, instead of normal
username:static-password. As this info is passed as a first line,
the application needs to be written to take this into account.<br>
<br>
Mike: I have been using this patch for some time without any issues,
if you like to include it in stunnel it is under public domain. The
patch is re-based on top of 4.54b8. It is enabled with a new option
"send_client_info = yes", without this it does nothing.<br>
<br>
Regards,<br>
Henrik<br>
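<br>
Added example, not part of the original message or of the patch: one way a backend could consume the first line in the "ip:port;cipher" form shown above and choose the authentication method from it. The function names, the length bound and the list of weak cipher tokens are assumptions, as is the premise that the backend is reachable only through stunnel, so the first line always comes from stunnel and never from a client.<br>
<pre>
```python
import io
import ipaddress
import re

MAX_LINE = 256  # assumed bound; refuse unterminated or oversized first lines
# Assumed policy: cipher-name tokens this application treats as weak.
WEAK_TOKENS = {"RC4", "DES", "MD5", "EXP", "NULL"}
CIPHER_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def read_client_info(stream):
    """Consume the first line of stream; return (ip, port, cipher) or raise ValueError."""
    raw = stream.readline(MAX_LINE + 1)
    if not raw.endswith(b"\n") or len(raw) > MAX_LINE:
        raise ValueError("missing or oversized client-info line")
    try:
        line = raw.decode("ascii").rstrip("\r\n")
    except UnicodeDecodeError:
        raise ValueError("client-info line is not ASCII") from None
    peer, sep, cipher = line.partition(";")
    host, colon, port_text = peer.rpartition(":")
    if not sep or not colon or not port_text.isdigit():
        raise ValueError("malformed client-info line")
    port = int(port_text)
    if port not in range(1, 65536) or not CIPHER_RE.fullmatch(cipher):
        raise ValueError("bad port or cipher name")
    return str(ipaddress.ip_address(host)), port, cipher  # invalid IP raises ValueError


def required_auth(cipher):
    """Return "otp" when the cipher name has a weak token, else "password"."""
    tokens = set(cipher.upper().split("-"))
    return "otp" if tokens.intersection(WEAK_TOKENS) else "password"


def demo():
    # Constructed sample: the example line from the message, then client data.
    stream = io.BytesIO(b"192.168.10.53:53353;ECDHE-RSA-RC4-SHA\nUSER alice\n")
    ip, port, cipher = read_client_info(stream)
    return ip, port, cipher, required_auth(cipher), stream.readline()


if __name__ == "__main__":
    print(demo())
```
</pre>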
</body>
</html>