Package: proxytunnel
Version: 1.9.0-6
Severity: wishlist
Tags: patch

--- Please enter the report below this line. ---
Hello Debian maintainers,

Here is a tiny patch to add SNI support to proxytunnel.
Tested with my remote Apache proxy, it seems to be working and allows me to not reserve the default Apache vhost for proxytunnel and really use a full dedicated vhost for proxying.

Could you integrate it into your next version?
I will try to propagate it upstream, but because of the OpenSSL to GNUTLS Debian patch, it's not possible immediately.

Regards

--- System information. ---
Architecture: amd64
Kernel: Linux 3.10-3-amd64

--- Package information. ---
Depends              (Version) | Installed
==============================-+-===============
libc6                (>= 2.15) | 2.17-93
libgnutls26     (>= 2.12.17-0) | 2.12.23-7
libmhash2                      | 0.9.9.9-3

-- 
Nicolas Vinot
Description: Server Name Indication support See RFC #3546 (https://tools.ietf.org/html/rfc3546#section-3.1) Author: Nicolas Vinot <aeris+deb...@imirhil.fr> Forwarded: no Last-Update: 2013-10-08 --- a/ptstream.c +++ b/ptstream.c @@ -164,13 +164,21 @@ int stream_enable_ssl(PTSTREAM *pts) { #ifdef USE_SSL int ret; - + /* Initialise the context, copied from example in GNUTLS manual */ gnutls_init(&pts->session, GNUTLS_CLIENT); gnutls_priority_set_direct(pts->session, "PERFORMANCE", NULL); /* gnutls_credentials_set(pts->session, GNUTLS_CRD_ANON, anoncred); */ /* Use X.509 rather than anonymous */ gnutls_credentials_set(pts->session, GNUTLS_CRD_CERTIFICATE, xcred); + if ( args_info.verbose_flag ) { + message( "Set SNI hostname to %s\n", args_info.proxyhost_arg ); + } + ret = gnutls_server_name_set(pts->session, GNUTLS_NAME_DNS, args_info.proxyhost_arg, strlen(args_info.proxyhost_arg)); + if (ret < 0) { + message( "TLS SNI error, giving up: gnutls_server_name_set returned error message:\n %s\n", gnutls_strerror(ret) ); + exit( 1 ); + } gnutls_transport_set_ptr2(pts->session, (gnutls_transport_ptr_t) stream_get_incoming_fd(pts),
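Review bot: The added gnutls_server_name_set() call passes args_info.proxyhost_arg as GNUTLS_NAME_DNS unconditionally, so a proxy specified as an IPv4 or IPv6 literal would be sent as the SNI host_name, which the extension does not permit (only DNS hostnames are allowed). Consider skipping the call when proxyhost_arg parses as an address literal, for example by testing it with inet_pton() first. The exit( 1 ) on failure also terminates from inside stream_enable_ssl(), which is declared to return int, without releasing the session set up by gnutls_init() a few lines above; returning an error to the caller would be cleaner if callers check the return value. The Description header cites RFC 3546, which has since been superseded by RFC 6066 for this extension, so the reference could be updated.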