[stunnel-users] Adding custom HTTP headers to a proxy'ed HTTP request when stunnel is used as an endpoint for a HTTP proxy

Tony Cheneau tony.cheneau at ssi.gouv.fr
Sun Sep 2 23:18:36 CEST 2018

Good evening folks,

Michal was kind enough to review and rewrite/integrate one of my patches
for logging session IDs [1] and post the remaining ones on the website [2]!

So, I feel I should also contribute to this list a little program I
wrote. It is meant to be used with the exec= directive. It is mostly
useful when stunnel is used to secure a connexion between a client and a
HTTP proxy. A stunnel instance can run locally on the client while a
stunnel server runs on the HTTP proxy:

HTTP client (proxy'ed) <- > stunnel client <--> stunnel server <-> HTTP

Here, the "exec=" program will run on the stunnel server and add some
extra headers to each HTTP request. One of this headers is the client's
Distinguished Name (from its X.509 certificate). The HTTP proxy (squid
for example) can then make some decision based on this HTTP header
(authorisation, etc.).

It relies heavily on PicoHTTPParser.

Tony Cheneau

[1]: to appear in version 5.49, see

[2]: patches 0002 and 0003 on https://www.stunnel.org/patches.html

-------------- next part --------------
A non-text attachment was scrubbed...
Name: http_insert_proxy.tar.gz
Type: application/gzip
Size: 14531 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20180902/b2dcc58f/attachment.gz>

More information about the stunnel-users mailing list