[stunnel-users] stunnel & HAProxy : patch still required ?

Thomas Manson thomas at 123monsite.com
Wed Nov 23 22:07:56 CET 2011 

Hi,

I'm willing to use this kind of configuration :

https client -->stunnel --> haproxy --> 2 web servers in http (or more)

I've understand that haproxy can't handle the ssl part, that's why stunnel
is needed.

I've read that a Patch is required for stunnel to work with haproxy in this
kind of confirmation

"I run stunnel 4.32 with patch from http://haproxy.1wt.eu/download/patches/ on
port 443 and forward it to port 81 on the same machine which is bound to
haproxy."

Can anyone tell me if this patch is now included in stunnel,
in particular, does Ubuntu 11.10 include it ?

I really would rather stay with package provided  by ubuntu in order to
have easy upgrade/security fix.
I've experiences the work overload of manually compiling everything in
Apache for instance ;)

Any advices on this kind of setup ? documentation pointers? best practices
?

Regards,
Thomas.

here is the current package version on ubuntu 11.10


thomas at daisybox:~/Documents$ aptitude show stunnel4
Package: stunnel4
New: yes
State: not installed
Version: 3:4.35-2build1
Priority: optional
Section: universe/net
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Uncompressed Size: 541 k
Depends: libc6 (>= 2.11), libssl1.0.0 (>= 1.0.0), libwrap0 (>= 7.6-4~),
openssl, netbase, perl-modules
PreDepends: adduser
Suggests: logcheck-database
Conflicts: stunnel4
Breaks: stunnel (< 3:4.20-3), stunnel (< 3:4.20-3)
Replaces: stunnel, stunnel
Provides: stunnel
Description: Universal SSL tunnel for network daemons
 The stunnel program is designed to work  as  SSL  encryption wrapper
between remote client and local (inetd-startable) or remote server. The
concept is that having non-SSL
 aware daemons running  on  your  system you can easily setup them to
communicate with clients over secure SSL channel.

 stunnel can be used to add  SSL  functionality  to  commonly used  inetd
 daemons  like  POP-2,  POP-3  and  IMAP servers without any changes in the
programs' code.

 This package contains a wrapper script for compatibility with stunnel 3.x
Homepage: http://www.stunnel.org/

thomas at daisybox:~/Documents$ aptitude show stunnel
No current or candidate version found for stunnel
Package: stunnel
State: not a real package
Provided by: stunnel4
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20111123/46081077/attachment.html>

More information about the stunnel-users mailing list