[stunnel-users] stunnel patch for extra logging

Steven Van Acker deepstar+EwFym5v8 at singularity.be
Thu Oct 19 11:09:09 CEST 2006


we use stunnel in server-mode where an SSL enabled client can connect to
our stunnel, and then stunnel connects to a non-SSL backend server.
The backend server logs incoming connections from stunnel (source IP and
port), but stunnel doesn't log the same information. This makes it
difficult to match logs between stunnel and the backend.

This patch solves exactly this problem.

I rewrote the patch so that it can be cleanly applied to any future (and
past) version of stunnel.

>From the website:
"How do I get a patch included into the release versions of Stunnel?
 Only patches released into the public domain stand a chance of getting into the actual Stunnel source. This means revised BSD patches are likely acceptable. Original BSD and GNU patches are not for example."

Since I would like very much that this patch makes it into the next release, I'll release it into the public domain or any other license that makes this possible.

kind regards,
My amazon wishlist:
-------------- next part --------------
diff -Naur stunnel-4.18/src/client.c stunnel-4.18-extra-logging/src/client.c
--- stunnel-4.18/src/client.c	2006-08-23 11:35:32.000000000 +0200
+++ stunnel-4.18-extra-logging/src/client.c	2006-10-05 10:20:03.672581056 +0200
@@ -928,6 +928,18 @@
+void connect_log_source(int s) {
+    struct sockaddr_in cliaddr;
+    socklen_t cliaddrlen = sizeof(struct sockaddr_in);
+    memset(&cliaddr, 0, sizeof(cliaddr));
+    if (getsockname(s, (struct sockaddr *) &cliaddr, &cliaddrlen)) {
+        sockerror("getsockname() error");
+    } else {
+        s_log(LOG_NOTICE,"connected to backend from %s:%d", inet_ntoa(cliaddr.sin_addr), ntohs(cliaddr.sin_port));
+    }
 static int connect_remote(CLI *c) { /* connect to remote host */
     SOCKADDR_UNION bind_addr, addr;
     SOCKADDR_LIST resolved_list, *address_list;
@@ -975,6 +987,7 @@
         if(!connect(c->fd, &addr.sa, addr_len(addr))) {
+            connect_log_source(fd);
             return fd; /* no error -> success (should not be possible) */
@@ -989,6 +1002,7 @@
             longjmp(c->err, 1);
+        connect_log_source(fd);
         return fd; /* success! */
     longjmp(c->err, 1);

More information about the stunnel-users mailing list