[stunnel-users] Feature request: set environment variable for inetd-type program

Christophe Nanteuil christophe.nanteuil at gmail.com
Tue Jan 27 10:16:24 CET 2009


Hello,
2009/1/26 Michael Renner wrote (to me):
> I see the only chance in accepting every SSL connection, check somehow for an
> authentication inside the ssl channel and redirect the traffic to the proxy
> (if the authentication succeeds) or to a webserver if the authentication
> failed.

If I understand correctly, the feature you want is: if authentication
succeeds connect to good_server else connect to fake_server.

The check for authentication is done in file verify.c. The functions
return 1 if authentication succeeds and 0 if it fails. These features
rely on the openssl backend and are specified in
http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html.

IMHO, if you want to implement your feature, I think you can patch stunnel to:
- in file verify.c
  * maintain your own error storage variable
  * make the verify functions always return 1
- in client.c, function init_remote, connect to a selected host
depending on your own error variable (good_server or fake_server).
- in options.c: add a new connect_fake option in the services section.

I'm a little too busy to implement this shortly.
-- 
Christophe Nanteuil
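The routing logic sketched above, as an added example that is not stunnel code: the verify callback always returns 1 so the handshake proceeds, but it records the first failure per connection (OpenSSL calls the callback once per certificate in the chain, from the CA down to the leaf, so storing only the last result would miss an untrusted CA whose leaf still checks out), and the init_remote-style step later picks the backend. The names conn_state, verify_record, simulate_handshake and select_remote are hypothetical; the chains are constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* Per-connection storage. stunnel serves many connections at once, so a
 * single global error variable would race; keep the state with the connection. */
struct conn_state {
    int verify_failed;   /* set once any certificate in the chain fails */
    int first_error;     /* X509_V_ERR_* code of the first failure, 0 if none */
    int error_depth;     /* chain depth at which it failed (0 = leaf) */
};

/* Mirrors the OpenSSL verify-callback contract: preverify_ok is OpenSSL's own
 * verdict for one certificate; returning 1 lets the handshake continue. */
int verify_record(struct conn_state *cs, int preverify_ok, int err, int depth) {
    if (!preverify_ok && !cs->verify_failed) {
        cs->verify_failed = 1;       /* remember the first failure only */
        cs->first_error = err;
        cs->error_depth = depth;
    }
    return 1;  /* always accept here; the routing decision is made later */
}

/* Constructed stand-in for the chain walk: OpenSSL invokes the callback for
 * depth ncerts-1 (top CA) down to depth 0 (leaf), in that order. */
void simulate_handshake(struct conn_state *cs, const int *preverify_ok,
                        const int *errs, int ncerts) {
    for (int depth = ncerts - 1; depth >= 0; depth--)
        verify_record(cs, preverify_ok[depth], errs[depth], depth);
}

/* What init_remote would do: choose the backend from the recorded result. */
const char *select_remote(const struct conn_state *cs,
                          const char *good_server, const char *fake_server) {
    return cs->verify_failed ? fake_server : good_server;
}

int main(void) {
    struct conn_state ok = {0}, bad = {0};
    int ok_chain[2] = {1, 1}, no_err[2] = {0, 0};
    /* CA at depth 1 is untrusted (self-signed in chain, X509_V_ERR 19), yet the
     * leaf at depth 0 still verifies against it: last-result-only logic fails. */
    int bad_chain[2] = {1, 0}, bad_err[2] = {0, 19};
    simulate_handshake(&ok, ok_chain, no_err, 2);
    simulate_handshake(&bad, bad_chain, bad_err, 2);
    printf("%s\n", select_remote(&ok, "good_server", "fake_server"));
    printf("%s (err %d at depth %d)\n", select_remote(&bad, "good_server",
           "fake_server"), bad.first_error, bad.error_depth);
    return 0;
}
```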