Patch info for proxy_sweeheng

Creator: Tan Swee Heng
Patch to Version: 3.14
Type: New Feature
Patch: proxy_sweeheng.patch
Description

Patch Stunnel to support web proxies (squid, etc.)

Author Comments




---------------------------------------------------------------------------

It has been brought to my attention that the description I wrote regarding
the proxy patch (http://www.stunnel.org/patches/desc/proxy_sweeheng.html)
is HIGHLY misleading. It makes one think that the patch will allow stunnel
to use ANY web proxy, regardless of whether they support SSL proxying.
 
A more accurate description is that the patch allows stunnel to go through
web proxies supporting SSL proxying (using the CONNECT command).

Can you kindly prepend THIS email to the description at the above URL?
Thanks. Apologies for the inconvenience and misunderstanding caused.

Swee Heng

---------------------------------------------------------------------------


Hi there,

This is a patch to support web proxies (e.g. Squid, Apache with mod_proxy).
It allows stunnel (in client mode) to connect to a remote SSL service via
a web proxy.


SCENARIO:
=========
Consider the following setup, in which there is no way to connect to the
SSL service except via the web proxy:

  non-SSL _______   web  _______    SSL
   Lynx            proxy          service

Under such circumstances, we run a copy of the patched stunnel (in client
mode) on the Lynx machine. By pointing Lynx at stunnel, we will be able to
connect to the remote SSL service via the web proxy.


MODIFICATIONS TO THE CODE:
==========================
1. Added an additional OPT_WEBPROXY option to common.h

2. Added an extra command line parameter -Z to specify remote SSL host.

3. Added a connect_to_finaldest() function to make a "CONNECT
	remoteSSLhost:port HTTP/1.0" request AFTER a socket to the
	web proxy has been established. The exact content of
	"remoteSSLhost:port" is the string after the -Z option.

4. Modify the help messages to include -Z


TESTING:
========
The code has been tested on RedHat Linux 6.2 with Squid and Apache web
proxies. It has not been tested on the Windows platform yet.


HOW TO USE PATCH:
=================
1. patch -p0 < proxy.patch
2. cd stunnel-3.14
3. ./configure; make; make install;


HOW TO USE PATCHED STUNNEL:
===========================
Suppose your web proxy is listening on port 8080 of proxy.your.domain and
your final destination is ssl.netcraft.net on port 443. On your local
machine, do the following:

  stunnel -c -d localhost:8888 -r proxy.your.domain:8080 \
          -Z ssl.netcraft.net:443

Then

  lynx http://localhost:8888/

should connect you to your destination.


BUGS:
=====
If you have any suggestions or bug reports, please send them to
<sweeheng@srikant.org>. Thank you.


Regards,
Swee Heng
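
The CONNECT exchange described in modification 3, as an added example that is not the patch's code and not part of the original message: it builds the request from a -Z style host:port string, rejecting anything that could add lines to the proxy request, and checks the proxy's status line before any SSL handshake would start. The function names build_connect, connect_status and tunnel_ok, and the sample target in main, are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Build the CONNECT request in buf; returns its length, or -1 if rejected. */
int build_connect(const char *target, char *buf, size_t buflen)
{
    const char *colon = strrchr(target, ':');
    if (colon == NULL || colon == target) return -1;
    /* Host: letters, digits, '.', '-' only (hostname or IPv4; an assumption),
     * so CR, LF and spaces are refused. Port: digits only, 1..65535. */
    for (const char *p = target; p < colon; p++)
        if (!isalnum((unsigned char)*p) && *p != '.' && *p != '-')
            return -1;
    char *end;
    long port = strtol(colon + 1, &end, 10);
    if (!isdigit((unsigned char)colon[1]) || *end != '\0' || port < 1 || port > 65535)
        return -1;
    int n = snprintf(buf, buflen, "CONNECT %.*s:%ld HTTP/1.0\r\n\r\n",
                     (int)(colon - target), target, port);
    return (n < 0 || (size_t)n >= buflen) ? -1 : n;
}

/* Status code from a well-formed "HTTP/1.x NNN" reply line, else -1. */
int connect_status(const char *reply)
{
    if (strncmp(reply, "HTTP/1.", 7) != 0 || !isdigit((unsigned char)reply[7]) || reply[8] != ' ')
        return -1;
    const char *d = reply + 9;
    if (!isdigit((unsigned char)d[0]) || !isdigit((unsigned char)d[1]) ||
        !isdigit((unsigned char)d[2]) || isdigit((unsigned char)d[3]))
        return -1;
    return (d[0] - '0') * 100 + (d[1] - '0') * 10 + (d[2] - '0');
}

/* Only a 2xx reply means the tunnel exists; otherwise SSL must not start. */
int tunnel_ok(const char *reply)
{
    return connect_status(reply) / 100 == 2;
}

int main(void)
{
    char req[128];
    if (build_connect("ssl.netcraft.net:443", req, sizeof req) > 0)
        fputs(req, stdout);
    return 0;
}
```

A proxy without SSL proxying support answers the CONNECT with a non-2xx status, which tunnel_ok reports as 0.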




This website makes patches available for use by the Internet community. However it does not endorse any of the patches contained herein. They could work perfectly, or totally foul up everything. We don't know. Contact the authors if you have any questions. Use at your own risk.

The Stunnel software package does not contain any cryptography itself, however please remember that import and/or export of cryptographic software, code providing hooks to cryptographic algorithms, and discussion about cryptography is illegal in some countries. It is imperative for you to know your local laws governing cryptography. We're not liable for anything you do that violates your local laws.