Some troubles with PROXY protocol - stunnel-users

26 Mar 2014


      Hi,
I try to use PROXY protocol ability for my virtual server, but this options work for root section only.
E.g. it not work for this simple case:
[virtual_server]
accept  = 443
connect = localhost:1081
cert = /etc/stunnel/serverCA.crt
key = /etc/stunnel/serverCA.key
verify = 2
CAfile = /etc/stunnel/serverCA.crt
[server_ru]
sni = virtual_server:server.ru
cert = /etc/stunnel/server.cer
key = /etc/stunnel/server.pem
connect = localhost:7000
protocol = proxy  <-- option don not work there
This problem exist due some code bug:
NOEXPORT void client_try(CLI *c)
{
    init_local(c);
    if(!c->opt->option.client && c->opt->protocol<0) // <-- condition is true in spite of setup protorol=proxy
    {
        init_ssl(c);
    // we'll switch to target section (c->opt) there only!
        init_remote(c);
    } 
    else 
    { 
        protocol(c, PROTOCOL_PRE_CONNECT);
        init_remote(c);
        protocol(c, PROTOCOL_PRE_SSL);
        init_ssl(c);
        protocol(c, PROTOCOL_POST_SSL);
    }
...
Simple adhoc solution work for me:
if(!c->opt->option.client && c->opt->protocol<0) // <-- condition is true in spite of setup protorol=proxy
    {
        init_ssl(c);
        init_remote(c);
    // force initiate PROXY protocol
    protocol(c, PROTOCOL_PRE_SSL);
    }
It's crutch and not general solution certain. But some code refactoring needs for more correct fix.
I think that this bug will be fixed in future versions.
Thanks for stunnel! :)
/Alexey V. Drozdov
e-mail: anyquist@yandex.ru