[stunnel-users] Some troubles with PROXY protocol
Alexey V. Drozdov
anyquist at yandex.ru
Wed Mar 26 23:44:02 CET 2014
Hi,
I am trying to use the PROXY protocol capability for my virtual server, but this option works for the root section only.
E.g. it does not work for this simple case:
[virtual_server]
accept = 443
connect = localhost:1081
cert = /etc/stunnel/serverCA.crt
key = /etc/stunnel/serverCA.key
verify = 2
CAfile = /etc/stunnel/serverCA.crt
[server_ru]
sni = virtual_server:server.ru
cert = /etc/stunnel/server.cer
key = /etc/stunnel/server.pem
connect = localhost:7000
protocol = proxy <-- option does not work here
This problem exists due to a code bug:
NOEXPORT void client_try(CLI *c)
{
    init_local(c);
    if(!c->opt->option.client && c->opt->protocol<0) // <-- condition is true in spite of setting protocol=proxy
    {
        init_ssl(c);
        // we'll switch to the target section (c->opt) only there!
        init_remote(c);
    }
    else
    {
        protocol(c, PROTOCOL_PRE_CONNECT);
        init_remote(c);
        protocol(c, PROTOCOL_PRE_SSL);
        init_ssl(c);
        protocol(c, PROTOCOL_POST_SSL);
    }
    ...
A simple ad hoc solution works for me:
    if(!c->opt->option.client && c->opt->protocol<0) // <-- condition is true in spite of setting protocol=proxy
    {
        init_ssl(c);
        init_remote(c);
        // force initiation of the PROXY protocol
        protocol(c, PROTOCOL_PRE_SSL);
    }
It's a crutch and certainly not a general solution. Some code refactoring is needed for a more correct fix.
I think that this bug will be fixed in future versions.
Thanks for stunnel! :)
/Alexey V. Drozdov
e-mail: anyquist at yandex.ru
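
Added example (not part of the original message and not stunnel code): a check that a backend such as the one behind connect = localhost:7000 can run on the first bytes of each connection to tell whether the PROXY header actually arrived. It assumes the HAProxy PROXY protocol version 1 text format; the name check_proxy_v1 and the sample addresses are made up for illustration, and the UNKNOWN family is not handled.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

enum proxy_check { PROXY_MALFORMED = -1, PROXY_ABSENT = 0, PROXY_OK = 1 };
#define PROXY_V1_MAX 107 /* longest v1 header including CRLF */

/* Inspect the first bytes a backend read from a new connection.
 * On PROXY_OK: src (>= 46 bytes) and *sport hold the original client
 * address, and *hdr_len is the number of bytes before the real payload. */
enum proxy_check check_proxy_v1(const char *buf, size_t len,
                                char *src, int *sport, size_t *hdr_len)
{
    char line[PROXY_V1_MAX], fam[8], dst[46];
    unsigned char bin[sizeof(struct in6_addr)];
    size_t i, end = 0, max = len < PROXY_V1_MAX ? len : PROXY_V1_MAX;
    int dport, n = 0, af;
    if (len < 6 || memcmp(buf, "PROXY ", 6) != 0)
        return PROXY_ABSENT;             /* payload starts with no header */
    for (i = 6; i + 1 < max && !end; i++)
        if (buf[i] == '\r' && buf[i + 1] == '\n')
            end = i;
    if (!end)
        return PROXY_MALFORMED;          /* no CRLF within the size limit */
    memcpy(line, buf, end);
    line[end] = '\0';
    /* %n records how much was consumed, so trailing junk is rejected. */
    if (sscanf(line, "PROXY %7s %45s %45s %5d %5d%n",
               fam, src, dst, sport, &dport, &n) != 5 || line[n] != '\0')
        return PROXY_MALFORMED;
    af = strcmp(fam, "TCP4") == 0 ? AF_INET
       : strcmp(fam, "TCP6") == 0 ? AF_INET6 : -1;
    if (af < 0 || inet_pton(af, src, bin) != 1 || inet_pton(af, dst, bin) != 1)
        return PROXY_MALFORMED;          /* address does not match family */
    if (*sport < 0 || *sport > 65535 || dport < 0 || dport > 65535)
        return PROXY_MALFORMED;
    *hdr_len = end + 2;
    return PROXY_OK;
}

int main(void)
{
    /* Constructed sample of what the backend should read first. */
    const char first[] = "PROXY TCP4 192.0.2.10 127.0.0.1 56324 7000\r\nGET / HTTP/1.1\r\n";
    char src[46]; int sport; size_t skip;
    int r = check_proxy_v1(first, sizeof(first) - 1, src, &sport, &skip);
    printf("result=%d\n", r);
    return r == PROXY_OK ? 0 : 1;
}
```

A PROXY_ABSENT result on connections that arrive through the SNI section is the symptom described above: the backend would then see only stunnel's own address as the peer.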