[stunnel-users] Feature request: set environment variable for inetd-type program
Christophe Nanteuil
christophe.nanteuil at gmail.com
Tue Jan 27 10:16:24 CET 2009
Hello,
2009/1/26 Michael Renner wrote (to me):
> I see the only chance in accepting every SSL connection, check somehow for an
> authentication inside the ssl channel and redirect the traffic to the proxy
> (if the authentication succeeds) or to a webserver if the authentication
> failed.
If I understand well, the feature you want is: if authentication
succeeds, connect to good_server, else connect to fake_server.
The check for authentication is done in file verify.c. The functions
return 1 if authentication succeeds and 0 if it fails. These features
rely on the OpenSSL backend and are specified in
http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html.
IMHO, if you want to implement your feature, I think you can patch stunnel to:
- in file verify.c:
  * maintain your own error storage variable
  * make the verify functions always return 1
- in client.c, function init_remote: connect selectively to a host
  depending on your own error variable (good_server or fake_server).
- in options.c: add the new connect_fake option in the services section.
I'm a little too busy to implement this shortly.
--
Christophe Nanteuil
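
A model of the routing decision proposed above, added here as an example; it is not code from the post or from stunnel. The names conn_auth, record_verify and select_remote and the host strings are hypothetical, and record_verify only stands in for an OpenSSL verify callback, which is called once per certificate in the chain. It shows the two points the patch has to get right once the callback always returns 1: the stored error must be sticky, and a connection with no verified certificate must default to fake_server.

```c
#include <stdio.h>

/* Hypothetical per-connection state; not a stunnel structure. */
enum auth_state { AUTH_NOT_SEEN = 0, AUTH_OK, AUTH_FAILED };

typedef struct {
    enum auth_state state;  /* zero-initialised to AUTH_NOT_SEEN: fail closed */
    int first_error;        /* first verification error code, 0 if none */
} conn_auth;

/* Stand-in for the verify callback: invoked once per certificate with
 * preverify_ok = 1 or 0. It records the outcome and always returns 1 so
 * the handshake continues, as the post proposes. */
int record_verify(conn_auth *c, int preverify_ok, int err) {
    if (!preverify_ok) {
        if (c->state != AUTH_FAILED)
            c->first_error = err;   /* keep the first error only */
        c->state = AUTH_FAILED;     /* sticky: a later success cannot clear it */
    } else if (c->state == AUTH_NOT_SEEN) {
        c->state = AUTH_OK;
    }
    return 1;
}

/* Stand-in for the host selection in init_remote: only a chain that was
 * seen and verified without any error reaches good_server. */
const char *select_remote(const conn_auth *c, const char *good_server,
                          const char *fake_server) {
    return c->state == AUTH_OK ? good_server : fake_server;
}

int main(void) {
    /* Constructed host names and callback sequences (root first, leaf last). */
    const char *good = "good.example:3128", *fake = "fake.example:80";
    conn_auth ok = {0}, bad_root = {0}, no_cert = {0};

    record_verify(&ok, 1, 0);
    record_verify(&ok, 1, 0);
    record_verify(&bad_root, 0, 19);  /* sample error code on the root */
    record_verify(&bad_root, 1, 0);   /* leaf passes, failure must persist */
    /* no_cert: the client sent no certificate, so the callback never runs. */

    printf("valid chain -> %s\n", select_remote(&ok, good, fake));
    printf("bad root    -> %s\n", select_remote(&bad_root, good, fake));
    printf("no cert     -> %s\n", select_remote(&no_cert, good, fake));
    return 0;
}
```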