Hi, Mike!
In spite of the new changes, it still works incorrectly because init_remote(c) connects to the address from the root config section:
    protocol(c, PROTOCOL_PRE_CONNECT);
    init_remote(c); <<<<<<<<<< destination address from root section
    protocol(c, PROTOCOL_PRE_SSL);
    init_ssl(c); <<<<<<<<<<< switch to target SNI config section only there
    protocol(c, PROTOCOL_POST_SSL); <<<<<<<<<<< send PROXY protocol to incorrect address
Context switch to target section parameters after init_ssl(c) only.
/Alexey V. Drozdov e-mail: anyquist@yandex.ru
On 2014-04-12 18:32, Alexey V. Drozdov wrote:
> Context switch to target section parameters after init_ssl(c) only.
So the requirements are:
1. init_remote() needs to be executed *after* init_ssl(), because it needs the destination address retrieved with SNI.
2. protocol() negotiation needs to be performed *after* init_remote(), because it needs to be connected to the target host to send the IP.
This version solves the problem (according to my tests): https://www.stunnel.org/downloads/beta/stunnel-5.02b1.tar.gz
Mike
On 2014-04-12 21:29, I wrote:
> This version solves the problem (according to my tests): https://www.stunnel.org/downloads/beta/stunnel-5.02b1.tar.gz
I just found a first mistake. It is fixed here:
https://www.stunnel.org/downloads/beta/stunnel-5.02b2.tar.gz
BTW: https://www.stunnel.org/ was unavailable for ~7 hours today due to a hardware failure. The server has been replaced and it is back online.
Mike
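
The ordering dependency discussed in this thread, as an added example that is not part of the original messages and is not stunnel source code: a simplified model in which the backend address is read from whichever config section is active when the connect step runs. All names (`model_init_ssl`, `model_init_remote`, `model_send_proxy`, the `section` and `client` structs) and all addresses and host names are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, NOT stunnel source: every name here is hypothetical. */
typedef struct { const char *sni; const char *connect_addr; } section;

typedef struct {
    const section *opt;     /* currently active config section */
    const char *remote;     /* address the backend socket is connected to */
    const char *proxy_dest; /* backend that received the PROXY header */
} client;

/* Constructed sample configuration: root section plus one SNI section. */
static const section root_sec = { NULL, "10.0.0.1:80" };
static const section sni_secs[] = { { "app.example", "10.0.0.2:8080" } };

/* TLS handshake: a matching SNI name switches the active section. */
static void model_init_ssl(client *c, const char *sni) {
    for (size_t i = 0; i < sizeof sni_secs / sizeof *sni_secs; i++)
        if (strcmp(sni_secs[i].sni, sni) == 0)
            c->opt = &sni_secs[i];
}
/* Connect to whatever the active section says at call time. */
static void model_init_remote(client *c) { c->remote = c->opt->connect_addr; }
/* The PROXY header goes out on the already-connected backend socket. */
static void model_send_proxy(client *c) { c->proxy_dest = c->remote; }

/* Order reported as broken: connect, then handshake, then PROXY header. */
const char *reported_order(const char *sni) {
    client c = { &root_sec, NULL, NULL };
    model_init_remote(&c);
    model_init_ssl(&c, sni);
    model_send_proxy(&c);
    return c.proxy_dest;
}
/* Order from the two requirements: handshake, connect, PROXY header. */
const char *required_order(const char *sni) {
    client c = { &root_sec, NULL, NULL };
    model_init_ssl(&c, sni);
    model_init_remote(&c);
    model_send_proxy(&c);
    return c.proxy_dest;
}

int main(void) {
    printf("reported: %s\n", reported_order("app.example"));
    printf("required: %s\n", required_order("app.example"));
    return 0;
}
```

In the reported order the header carrying the client IP lands on the root section's backend even though the SNI name selected a different section; an SNI name with no matching section falls back to the root address in both orders.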