On 26.03.2014 13:05, Michael Carlino (RIT Student) wrote:
> In the client stunnel I need to make a small change to the HTTP packet. I need to add some data to it.

Then you *don't* want to manipulate *packets* (as in, using iptables, tcpdump, wireshark etc.). Adding data to a packet will mess up basic TCP/IP mechanisms like path MTU discovery real fierce.

> I know that as a proxy stunnel has to be and tries to be general in nature. I am not concerned (right now) with developing a feature that will become available to others later. I don't mind if my changes make my development version of stunnel single-purpose. My work is academic and proof-of-concept in its nature.

Is there a reason - apart from the "server-side stunnel might want to close the connection" you mentioned - not to leave stunnel to do what it strives to do, and insert one or two additional layers with some dedicated HTTP-munging software (say, privoxy) instead? Or, for that matter, a dedicated SSL sniffer (say, ssldump) if the server side needs only *read* access to the actual HTTP data?
Regards, J. Bern