Hello everyone,
I have a slightly off-topic question but one I think stunnel's
developers are in a good position to assist me with.
I need to implement what amounts to an embedded web server for a process
that will be deployed on a "hostile" server (Win32), meaning that I
don't want the people in that server to mess around with either the
process or the network traffic to/from the process. The goal is to
deploy a binary and a set of DLLs to the hostile server (no
configuration files). To this effect, I have found a couple of usable
HTTP server libraries, and I have implemented the functionality I need
over clean HTTP. Now, I would like to use SSL to encrypt the data coming
and going to my process; alas, I have not found any open source HTTP
library that also supports HTTPS. Therefore, I have come to the
conclusion that I will have to integrate OpenSSL into one of the HTTP
libraries myself.
The first question is: how difficult is it to integrate OpenSSL in
"server mode" into an application? I tried taking a peek at Apache's
mod_ssl, but being unfamiliar with Apache's internals, I was completely
lost. Then it occurred to me that stunnel must do something similar to
what I need, and indeed I could follow the code in stunnel to a point;
before going any further, I wanted to first hear comments, opinions and
hints from the developers.
It also occurred to me that I could do what I need if stunnel offered
some kind of "in process" handling of requests: instead of forwarding to
a certain host:port the requests it gets, maybe stunnel itself could be
configured to process the requests somehow, generate the responses and
send them back; for instance, what I need to do is basically query a
MySQL DB and send some records back. I am pretty sure this is not
supported in stunnel today, but if it is something that anyone (besides
me) sees as useful, I could volunteer to do at least part of the
development. Alternatively, please feel free to educate me on why this
is a moronic idea...
In any case, thanks for a great product and best regards,
--
Gonzalo Diethelm
gonzalo.diethelm(a)aditiva.com