Package: stunnel4 Version: 3:5.56-1 Severity: important Watch this:
$ cat a GET /cgi-bin/conninfo.cgi HTTP/1.0 Host: XXX $ cat a | stunnel4 x $ stunnel4 x <a HTTP/1.1 200 OK […] Of course, in a production scenario, it would not be 'cat a' but a program that dynamically creates output. This is probably the same issue, or similar (not socketpair(2) but pipe(2) is used by the shell) as: https://www.stunnel.org/pipermail/stunnel-users/2009-January/002223.html This is a showstopper for using stunnel in client mode… -- System Information: Debian Release: bullseye/sid APT prefers buildd-unstable APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.4.0-3-amd64 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8) Shell: /bin/sh linked to /bin/lksh Init: sysvinit (via /sbin/init) Versions of packages stunnel4 depends on: ii adduser 3.118 ii libc6 2.29-9 ii libelogind0 [libsystemd0] 241.3-1+debian2 ii libssl1.1 1.1.1d-2 ii libwrap0 7.6.q-30 ii lsb-base 11.1.0 ii netbase 6.0 ii openssl 1.1.1d-2 ii perl 5.30.0-9 stunnel4 recommends no packages. Versions of packages stunnel4 suggests: pn logcheck-database <none> -- no debconf information