Stunnel.org  
   
Home
About
News
Faq
Examples
Download
Patches
Support
Related
<Patch List> <Patch Directory>
Patch info for setenv_mf

Patch info for setenv_mf

CreatorMarkus Foerster
Patch to Version3.11
Typefeature
Patchsetenv_mf.patch
Description

(Full Text)

Have Stunnel set several environment variables that are related to the SSL session, such as the client side certificate.

Author Comments




When stunnel starts a local program, this program has no chance of
getting aware of the certificate used for establishing the SSL
connection. It is fine that it is only started if the client has been
successfully authenticated, but after that, my script needs to know
which certificate was used for this, to distinguish between the
clients.

The attached patch delays the execution of the local program until
after the SSL handshake (unless a protocol must be negotiated), and
sets some environment variables similar to Apache-SSL:

SSL=on
SSL_CIPHER=DES-CBC3-SHA
SSL_KEYSIZE=168
SSL_PROTOCOL_VERSION=SSLv3
SSL_CLIENT_DN=/C=DE/ST=Germany/...
SSL_CLIENT_I_DN=/C=DE/ST=Germany/...




This website makes patches available for use by the Internet community. However it does not endorse any of the patches contained herein. They could be work perfectly, or totally foul up everything. We don't know. Contact the authors if you have any questions. Use at your own risk.

The Stunnel software package does not contain any cryptography itself, however please remember that import and/or export of cryptographic software, code providing hooks to cryptographic algorithms, and discussion about cryptography is illegal in some countries. It is imperative for you to know your local laws governing cryptography. We're not liable for anything you do that violates your local laws.