Patch info for conndetails_peter

Creator: Peter D. Gray
Patch to Version: 4.04
Type: New Feature
Patch: conndetails_peter.patch
Description: writes connection details for current tunnel to filesystem

Author Comments


To: stunnel-users@mirt.net
Date: Wed, 19 Mar 2003 14:20:32 -0500
From: "Peter D. Gray" <peter@dmtz.com>
Subject: Patch: writes connection details for current tunnel to filesystem

I often use stunnel to tunnel to servers running on localhost. The
most typical case is using stunnel at 443 tunneled to a port 80 web
server.

Unfortunately, this normally means lots of useful information has
been lost by the time the tunneled server gets a new connection.
This patch writes lots of useful facts about the new client into a
file in a configurable temp directory (config file: "infodir" option).
The file is deleted when the client disconnects.

Here is an example of the file it creates, for the typical HTTPS
case (with client certificates enabled):

STUNNEL_PID=1083
SERVICE="https"
REMOTE_HOST="10.0.0.1"
REMOTE_PORT=1560
CIPHER_DESC="RC4-MD5 SSLv3 Kx=RSA  Au=RSA  Enc=RC4(128)  Mac=MD5 "
CIPHER_ALGO="RC4-MD5"
CIPHER_BITS=128
SSL_CLIENT_DN="/CN=peter/Email=junk@dmtz.com"
SSL_CLIENT_I_DN="/C=CA/ST=Ontario/L=Richmond Hill/O=Digital Multitools Inc./OU=DMTZ Root CA (no trust implied)/CN=DMTZ CA/Email=ca@dmtz.com"
TUNNEL_HOST="127.0.0.1"
TUNNEL_PORT=80
LOCAL_HOST="127.0.0.1"
LOCAL_PORT=2089

This file format should be easy to read with shell scripts.  I hope
the above variable names are self-explanatory.

The "info file" will be written to a file named: "conn.LH:LP" where
LH is the value of "LOCAL_HOST" above, and LP is LOCAL_PORT. This
allows the receiving server to use getpeername() and map that
directly to the file that needs to be read. In most cases, LOCAL_HOST
will be 127.0.0.1 but if stunnel was used on a (proxy) machine with
shared NFS-mounted directories, the above information could be read
by a server machine that is on another host.

I thought long and hard about using environment variables and/or
shared libraries to accomplish the same, but I could never be sure
to always be able to get the information I needed. In particular,
I like my tunneled servers to be long-running (not exec'd) so the
filesystem and the tunneled socket itself seem to be the only
communication options I've got.

This patch is in the public domain, use it in good health.

PG
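The mail above describes the info file layout (one KEY=VALUE per line, strings in double quotes) and the naming rule that lets the tunnelled server map its getpeername() result to the file "conn.LOCAL_HOST:LOCAL_PORT". The following Python is an added example of a consumer for that file; it is not part of the patch or of stunnel. It assumes only what the mail states about the format, and it parses the lines as text instead of sourcing them into a shell, because SSL_CLIENT_DN and SSL_CLIENT_I_DN are copied from the peer's certificate and should be treated as untrusted data. The sample file content and the certificate names in it are constructed.

```python
"""Read the per-connection info file written by the conndetails patch.

Added example (not from the patch or from stunnel). Assumes the layout the
mail describes: KEY=VALUE lines, string values in double quotes, stored as
<infodir>/conn.<LOCAL_HOST>:<LOCAL_PORT>. The tunnelled server calls
getpeername() on its accepted socket and looks up the matching file. Values
are parsed as plain text rather than sourced into a shell, since the DN
fields come from the client's certificate and must not be executed.
"""
import os
import re
import tempfile

# One KEY=VALUE line: the value is either a double-quoted string (which may
# itself contain '=' or spaces, as CIPHER_DESC does) or a bare token.
_LINE = re.compile(r'^([A-Z_][A-Z0-9_]*)=(?:"(.*)"|(\S*))$')


def info_path(infodir, peer):
    """Map the (host, port) tuple returned by getpeername() to the file name."""
    host, port = peer
    return os.path.join(infodir, "conn.%s:%d" % (host, port))


def parse_info(text):
    """Parse KEY=VALUE lines into a dict; bare numeric values become int."""
    details = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError("line %d is not KEY=VALUE: %r" % (lineno, line))
        key, quoted, bare = m.groups()
        if quoted is not None:
            details[key] = quoted          # keep exactly as written, trailing space and all
        elif bare.isdigit():
            details[key] = int(bare)
        else:
            details[key] = bare
    return details


def read_conn_details(infodir, peer):
    """Return the parsed details for the connection whose local end is `peer`,
    or None when stunnel has not written the file (or already removed it
    because the client disconnected)."""
    try:
        with open(info_path(infodir, peer)) as fh:
            return parse_info(fh.read())
    except FileNotFoundError:
        return None


# Constructed sample following the file shown in the mail. The subject DN
# deliberately contains characters a shell would treat specially, to show
# that they come back as data.
SAMPLE = '''STUNNEL_PID=1083
SERVICE="https"
REMOTE_HOST="10.0.0.1"
REMOTE_PORT=1560
CIPHER_DESC="RC4-MD5 SSLv3 Kx=RSA  Au=RSA  Enc=RC4(128)  Mac=MD5 "
CIPHER_ALGO="RC4-MD5"
CIPHER_BITS=128
SSL_CLIENT_DN="/O=Smith & Co.; Ltd/CN=peter/Email=junk@example.com"
SSL_CLIENT_I_DN="/C=CA/O=Example CA (constructed)/CN=Example Root"
TUNNEL_HOST="127.0.0.1"
TUNNEL_PORT=80
LOCAL_HOST="127.0.0.1"
LOCAL_PORT=2089
'''


def demo():
    """Write the sample where stunnel would put it, then look it up by peer address
    exactly as a tunnelled server would after getpeername()."""
    with tempfile.TemporaryDirectory() as infodir:
        peer = ("127.0.0.1", 2089)
        with open(info_path(infodir, peer), "w") as fh:
            fh.write(SAMPLE)
        return read_conn_details(infodir, peer)


if __name__ == "__main__":
    for key, value in demo().items():
        print("%s = %r" % (key, value))
```

Because the patch deletes the file when the client disconnects, the server should read it immediately after accept() and treat a missing file as "no details available" rather than as an error, which is what read_conn_details does.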



This website makes patches available for use by the Internet community. However, it does not endorse any of the patches contained herein. They could work perfectly, or totally foul up everything. We don't know. Contact the authors if you have any questions. Use at your own risk.

The Stunnel software package does not contain any cryptography itself, however please remember that import and/or export of cryptographic software, code providing hooks to cryptographic algorithms, and discussion about cryptography is illegal in some countries. It is imperative for you to know your local laws governing cryptography. We're not liable for anything you do that violates your local laws.