[stunnel-users] Using stunnel to secure clients instead of servers

Ludolf Holzheid lholzheid at bihl-wiedemann.de
Wed Jan 7 20:09:36 CET 2015

On Wed, 2015-01-07 12:41:20 -0500, Leon Smith wrote:
> [..]
> Hmm, what do you mean by "no proxy involved?"    Unless I'm modifying the
> source,  wouldn't using stunnel essentially always be proxy?

No.  Stunnel does not mimic an HTTP proxy.  It's rather something like
an TCP port forwarder, with the addition of encrypting/decrypting
while forwarding.

> To be even more explicit,  the HTTP client is cabal-install,  which is a
> program that downloads and compiles code from the Hackage public source
> code repository for Haskell.    cabal-install is HTTP only,  whereas
> Hackage supports both HTTP and HTTPS.

This will be easy to set up if hackage.haskell.org uses relative URLs
(this seems to be the case)¹ and you can tell cabal-install to use
'http://localhost:<stunnel port>' instead of 'http://hackage.haskell.org'.



¹ That is, hackage.haskell.org links to e.g. clckwrks-0.22.4.tar.gz as
  <a href="/package/clckwrks-0.22.4/clckwrks-0.22.4.tar.gz"> instead
  of <a href="http://hackage.haskell.org/package/clckwrks-0.22.4/clckwrks-0.22.4.tar.gz">.


Bihl+Wiedemann GmbH
Floßwörthstraße 41
68199 Mannheim, Germany
Tel: +49 621 33996-0
Fax: +49 621 3392239
mailto:lholzheid at bihl-wiedemann.de
Sitz der Gesellschaft: Mannheim
Geschäftsführer: Jochen Bihl, Bernhard Wiedemann
Amtsgericht Mannheim, HRB 5796

More information about the stunnel-users mailing list