[stunnel-users] Patch: Include source IP in connection failure log lines

Alex Gottschalk alex.gottschalk at gmail.com
Wed Nov 23 22:57:12 CET 2011


I'm setting up an internet-facing server that will be running a
service wrapped with stunnel.  Given that, it made sense to me to use
fail2ban to block repeat connection attempts from clients who don't
have the right certificate (the system is using client-certificate
authentication).  Unfortunately, stunnel4 doesn't put the client
source IP in connection failure log lines, so I made this quick patch
to enable that.

---cut here----
--- src/client.c.orig       2011-10-05 16:47:48.000000000 -0700
+++ src/client.c    2011-10-05 16:50:37.000000000 -0700
@@ -358,10 +358,13 @@
                 continue;
             }
         }
-        if(c->opt->option.client)
+        if(c->opt->option.client) {
             sslerror("SSL_connect");
-        else
-            sslerror("SSL_accept");
+        } else {
+            char buf[255];
+            sprintf(buf, "SSL_accept from %s ", c->accepted_address);
+            sslerror(buf);
+        }
         longjmp(c->err, 1);
     }
     if(SSL_session_reused(c->ssl)) {
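Review bot: the `sprintf` into the fixed 255-byte `buf` in the new `else` branch places no bound on `%s`, so a `c->accepted_address` string longer than the buffer (or one that is not NUL-terminated) overruns the stack; use `snprintf(buf, sizeof(buf), "SSL_accept from %s", c->accepted_address)` instead, and drop the trailing space in the format string, which otherwise leaves a stray space at the end of the logged message. The client-mode `SSL_connect` branch is left without the peer address, which is fine for the stated fail2ban use case but worth saying in the patch description.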
----cut here----
