Good evening folks,
Michal was kind enough to review and rewrite/integrate one of my patches for logging session IDs [1] and post the remaining ones on the website [2]!
So, I feel I should also contribute to this list a little program I wrote. It is meant to be used with the exec= directive. It is mostly useful when stunnel is used to secure a connection between a client and an HTTP proxy. A stunnel instance can run locally on the client while a stunnel server runs on the HTTP proxy:
HTTP client (proxy'ed) <-> stunnel client <--> stunnel server <-> HTTP proxy
Here, the "exec=" program will run on the stunnel server and add some extra headers to each HTTP request. One of these headers is the client's Distinguished Name (from its X.509 certificate). The HTTP proxy (squid for example) can then make some decisions based on this HTTP header (authorisation, etc.).
It relies heavily on PicoHTTPParser.
Regards, Tony Cheneau
[1]: to appear in version 5.49, see https://www.stunnel.org/sdf_ChangeLog.html
[2]: patches 0002 and 0003 on https://www.stunnel.org/patches.html
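
Added example, not part of the original message and not the program it announces: a Python sketch of the header rewrite such an exec= helper has to perform so that the proxy can trust the DN header. The header name X-SSL-Client-DN, the function name and the sample request are assumptions; SSL_CLIENT_DN is the environment variable the stunnel manual lists for exec= programs.

```python
import os

HEADER = "X-SSL-Client-DN"  # hypothetical header name, not from the original post


def add_client_dn(head: bytes, dn: str, header: str = HEADER) -> bytes:
    """Rewrite one HTTP request head so it carries exactly one trusted DN header."""
    # A DN containing CR/LF/NUL could smuggle extra headers to the proxy.
    if any(c in dn for c in "\r\n\0"):
        raise ValueError("control character in DN")
    end = head.find(b"\r\n\r\n")
    if end < 0:
        raise ValueError("incomplete request head")
    lines = head[:end].split(b"\r\n")
    request_line, fields = lines[0], lines[1:]
    name = header.lower().encode("ascii")
    kept, dropping = [], False
    for field in fields:
        if field[:1] in (b" ", b"\t"):
            # Folded continuation line: it shares the fate of the field it extends.
            if not dropping:
                kept.append(field)
            continue
        # Drop every copy the client sent, whatever its case or spacing.
        dropping = field.split(b":", 1)[0].strip().lower() == name
        if not dropping:
            kept.append(field)
    kept.append(header.encode("ascii") + b": " + dn.encode("utf-8"))
    # Anything after the blank line (start of a body) is passed through as is.
    return b"\r\n".join([request_line] + kept) + b"\r\n\r\n" + head[end + 4:]


# Constructed sample: a client trying to pre-set the header, with a folded line.
SAMPLE = (
    b"GET http://example.org/ HTTP/1.1\r\n"
    b"Host: example.org\r\n"
    b"x-ssl-client-dn: /CN=admin\r\n"
    b"\t/O=forged\r\n"
    b"Accept: */*\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    # Under stunnel the DN comes from the environment; a constructed value is used otherwise.
    dn = os.environ.get("SSL_CLIENT_DN", "/C=FR/O=Example/CN=alice")
    print(add_client_dn(SAMPLE, dn).decode("utf-8"))
```

The proxy should accept this header only on connections coming from the stunnel server, since the strip step protects nothing on a path that bypasses it.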