Stunnel.org  
   
Patch info for connect-proxy.mwald

Creator: Matthias Wald
Patch to Version: 4.05
Type: New Feature
Patch: connect-proxy.mwald.patch
Description: HTTP Connect-style proxy

Author Comments



I must apologize for the short explanation but I am running short on time.

I adapted the "connect-proxy_savardd.patch" to stunnel-4.05.

Thanks to the great work of Daniel Savard.

After the adaptation the proxy functionality was not working.
This was because the introduced method "connect_to_finaldest" was
not called in a special return case of the method "connect_remote".
This special case is entered when working with OS Windows, as I can read from
the code comments. So I fixed the problem and added an additional call
of "connect_to_finaldest" to send the HTTP "connect..." stuff before doing
the SSL handshake. Please overlook some formatting differences. They come from
lots of log lines I've added temporarily for debugging purposes.

I found it useful to add "Proxy-connection: Keep-Alive" and "Pragma: no-cache" to
the connect string sent to the proxy. This results in not caching the SSL data
transferred and in keeping the connection alive between calls. Both options could be
made configurable within the stunnel config file. Feel free to add this functionality.

!!!! Important !!!!
The only scenario I've tested with the proxy functionality is:

MSIE with http -> stunnel on local host -> proxy -> https service in the internet

!!!!Important!!!!

Please feel free to do more tests and probably fix some more bugs :-))

Have fun!

Kind Regards

Matthias

------

Date: Sat, 24 Apr 2004 14:12:38 +0200
From: Matthias Wald
Subject: connect proxy patch adapted to be more standard conform

Hi,


I have again changed the proxy connection string to be more standards-conformant.
Therefore the "Host:" and "Content-Length:" options have been added. Testing
revealed that a lot of proxies rejected the connection when these options are missing.
Remember that "HTTP/1.0" is still sent for backwards compatibility, whereas in
fact the request is now HTTP 1.1 conformant.

The header being sent now looks like:

CONNECT <host>:<port> HTTP/1.0
Host: <host>:<port>
Content-Length: 0
Proxy-Authorization: Basic <base64Auth>
User-Agent: <UserAgent>
Proxy-Connection: Keep-Alive
Pragma: no-cache


Regards

Matthias
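
The request layout quoted in the second mail, together with the check on the proxy's answer that has to pass before the SSL handshake starts, as an added C example (not code from the patch or from stunnel). The function names, the bounded buffer handling and the control-character check are assumptions of this example; the header lines and their order are the ones quoted above.

```c
#include <stdio.h>
#include <string.h>
/* Reject empty values and control characters (CR, LF, ...) so that a
 * configured value cannot inject extra header lines into the request. */
static int field_ok(const char *s) {
    if (!s || !*s) return 0;
    for (; *s; s++)
        if ((unsigned char)*s < 0x20 || *s == 0x7f) return 0;
    return 1;
}

/* Build the CONNECT request; b64auth may be NULL (no Proxy-Authorization
 * line is sent). Returns the length, or -1 on bad input or truncation. */
int build_connect_request(char *buf, size_t cap, const char *host,
                          unsigned port, const char *b64auth, const char *ua) {
    int n, m;
    if (!field_ok(host) || !field_ok(ua) || port == 0 || port > 65535) return -1;
    if (b64auth && !field_ok(b64auth)) return -1;
    n = snprintf(buf, cap, "CONNECT %s:%u HTTP/1.0\r\nHost: %s:%u\r\n"
                 "Content-Length: 0\r\n", host, port, host, port);
    if (n < 0 || (size_t)n >= cap) return -1;
    if (b64auth) {
        m = snprintf(buf + n, cap - n, "Proxy-Authorization: Basic %s\r\n", b64auth);
        if (m < 0 || (size_t)m >= cap - n) return -1;
        n += m;
    }
    m = snprintf(buf + n, cap - n, "User-Agent: %s\r\n"
                 "Proxy-Connection: Keep-Alive\r\nPragma: no-cache\r\n\r\n", ua);
    if (m < 0 || (size_t)m >= cap - n) return -1;
    return n + m;
}

/* Status code from the proxy's first reply line, or -1 if it is not a
 * complete HTTP/1.x status line. Only 2xx means the tunnel is up. */
int proxy_status(const char *r) {
    if (strncmp(r, "HTTP/1.", 7) != 0 || (r[7] != '0' && r[7] != '1') || r[8] != ' ')
        return -1;
    for (int i = 9; i < 12; i++)
        if (r[i] < '0' || r[i] > '9') return -1;
    if (r[12] != ' ' && r[12] != '\r' && r[12] != '\n') return -1;
    return (r[9] - '0') * 100 + (r[10] - '0') * 10 + (r[11] - '0');
}

int main(void) {
    char req[512]; /* host, port and agent below are constructed sample values */
    if (build_connect_request(req, sizeof req, "www.example.com", 443, NULL, "example-agent") > 0)
        fputs(req, stdout);
    return proxy_status("HTTP/1.0 200 Connection established\r\n") == 200 ? 0 : 1;
}
```

The Basic credentials travel to the proxy outside the SSL session, since the CONNECT request is sent before the handshake.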





This website makes patches available for use by the Internet community. However, it does not endorse any of the patches contained herein. They could work perfectly, or totally foul up everything. We don't know. Contact the authors if you have any questions. Use at your own risk.

The Stunnel software package does not contain any cryptography itself, however please remember that import and/or export of cryptographic software, code providing hooks to cryptographic algorithms, and discussion about cryptography is illegal in some countries. It is imperative for you to know your local laws governing cryptography. We're not liable for anything you do that violates your local laws.