Hello everyone,

I have a slightly off-topic question but one I think stunnel's developers are in a good position to assist me with.

I need to implement what amounts to an embedded web server for a process that will be deployed on a "hostile" server (Win32), meaning that I don't want the people on that server to mess around with either the process or the network traffic to/from the process. The goal is to deploy a binary and a set of DLLs to the hostile server (no configuration files). To this effect, I have found a couple of usable HTTP server libraries, and I have implemented the functionality I need over clean HTTP. Now, I would like to use SSL to encrypt the data coming and going to my process; alas, I have not found any open source HTTP library that also supports HTTPS. Therefore, I have come to the conclusion that I will have to integrate OpenSSL into one of the HTTP libraries myself.

The first question is: how difficult is it to integrate OpenSSL in "server mode" into an application? I tried taking a peek at Apache's mod_ssl, but being unfamiliar with Apache's internals, I was completely lost. Then it occurred to me that stunnel must do something similar to what I need, and indeed I could follow the code in stunnel to a point; before going any further, I wanted to first hear comments, opinions and hints from the developers.

It also occurred to me that I could do what I need if stunnel offered some kind of "in process" handling of requests: instead of forwarding to a certain host:port the requests it gets, maybe stunnel itself could be configured to process the requests somehow, generate the responses and send them back; for instance, what I need to do is basically query a MySQL DB and send some records back. I am pretty sure this is not supported in stunnel today, but if it is something that anyone (besides me) sees as useful, I could volunteer to do at least part of the development. Alternatively, please feel free to educate me on why this is a moronic idea...

In any case, thanks for a great product and best regards,

--
Gonzalo Diethelm
gonzalo.diethelm@aditiva.com