Hi, I am trying to use the PROXY protocol feature for my virtual server, but this option works for the root section only. E.g. it does not work in this simple case:

    [virtual_server]
    accept = 443
    connect = localhost:1081
    cert = /etc/stunnel/serverCA.crt
    key = /etc/stunnel/serverCA.key
    verify = 2
    CAfile = /etc/stunnel/serverCA.crt

    [server_ru]
    sni = virtual_server:server.ru
    cert = /etc/stunnel/server.cer
    key = /etc/stunnel/server.pem
    connect = localhost:7000
    protocol = proxy    <-- option does not work there

This problem exists due to a code bug:

    NOEXPORT void client_try(CLI *c) {
        init_local(c);
        if(!c->opt->option.client && c->opt->protocol<0) // <-- condition is true in spite of setting protocol=proxy
        {
            init_ssl(c); // we'll switch to target section (c->opt) there only!
            init_remote(c);
        } else {
            protocol(c, PROTOCOL_PRE_CONNECT);
            init_remote(c);
            protocol(c, PROTOCOL_PRE_SSL);
            init_ssl(c);
            protocol(c, PROTOCOL_POST_SSL);
        }
        ...

A simple ad hoc solution works for me:

    if(!c->opt->option.client && c->opt->protocol<0) // <-- condition is true in spite of setting protocol=proxy
    {
        init_ssl(c);
        init_remote(c);
        // force initiate PROXY protocol
        protocol(c, PROTOCOL_PRE_SSL);
    }

It's a crutch and certainly not a general solution. Some code refactoring is needed for a more correct fix. I think that this bug will be fixed in future versions.
Thanks for stunnel! :)
/Alexey V. Drozdov
e-mail: anyquist@yandex.ru
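
To check from the backend side (the service behind `connect = localhost:7000`) whether a section really emits the header, the first bytes read from stunnel can be validated before anything else is trusted. This is an added example, not part of the original message or of stunnel's source; it assumes `protocol = proxy` sends a HAProxy PROXY protocol version 1 text line, and `pp1_parse`, `struct pp_info` and the `PP_*` codes are hypothetical names.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

enum { PP_OK = 0, PP_MISSING = -1, PP_MALFORMED = -2 };
struct pp_info {                     /* fields are valid only when PP_OK is returned */
    int family;                      /* AF_INET, AF_INET6, or 0 for UNKNOWN */
    char src[46], dst[46];           /* textual addresses as sent */
    unsigned sport, dport;
};

/* Inspect the first bytes a backend read from stunnel for a PROXY v1 line. */
int pp1_parse(const char *buf, size_t len, struct pp_info *out) {
    char line[108], chk[160], proto[8];
    unsigned char bin[16];
    size_t i, n = 0, max = len < 107 ? len : 107;   /* v1 line: at most 107 bytes */
    memset(out, 0, sizeof *out);
    if (len < 6 || memcmp(buf, "PROXY ", 6) != 0)
        return PP_MISSING;           /* no header at all: the symptom described above */
    for (i = 6; i + 1 < max && !n; i++)
        if (buf[i] == '\r' && buf[i + 1] == '\n')
            n = i;
    if (!n)
        return PP_MALFORMED;         /* no CRLF within the length limit */
    memcpy(line, buf, n);
    line[n] = '\0';
    if (strncmp(line, "PROXY UNKNOWN", 13) == 0 && (line[13] == '\0' || line[13] == ' '))
        return PP_OK;                /* receiver ignores the rest of the line */
    if (sscanf(line, "PROXY %7s %45s %45s %5u %5u", proto, out->src, out->dst,
               &out->sport, &out->dport) != 5)
        return PP_MALFORMED;
    /* Rebuild the canonical line: rejects extra spaces, signs and trailing data. */
    snprintf(chk, sizeof chk, "PROXY %s %s %s %u %u", proto, out->src, out->dst,
             out->sport, out->dport);
    if (strcmp(chk, line) != 0 || out->sport > 65535 || out->dport > 65535)
        return PP_MALFORMED;
    out->family = !strcmp(proto, "TCP4") ? AF_INET : !strcmp(proto, "TCP6") ? AF_INET6 : 0;
    if (!out->family || inet_pton(out->family, out->src, bin) != 1 ||
        inet_pton(out->family, out->dst, bin) != 1)
        return PP_MALFORMED;
    return PP_OK;
}

int main(void) {
    struct pp_info pi;               /* constructed sample of what the backend reads */
    const char *s = "PROXY TCP4 192.0.2.10 127.0.0.1 51234 7000\r\nhello";
    int rc = pp1_parse(s, strlen(s), &pi);
    printf("rc=%d src=%s sport=%u\n", rc, pi.src, pi.sport);
    return 0;
}
```

A backend that relies on the header for the client address should close the connection on `PP_MISSING` or `PP_MALFORMED` rather than fall back to the socket peer address, which would be stunnel itself.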