Hi,
I am trying to use the PROXY protocol feature for my virtual server, but this option 
works for the root section only.
E.g. it does not work for this simple case: 

[virtual_server]
accept  = 443
connect = localhost:1081

cert = /etc/stunnel/serverCA.crt
key = /etc/stunnel/serverCA.key

verify = 2
CAfile = /etc/stunnel/serverCA.crt

[server_ru]
sni = virtual_server:server.ru

cert = /etc/stunnel/server.cer
key = /etc/stunnel/server.pem

connect = localhost:7000
protocol = proxy  <-- option does not work here

This problem exists due to a code bug:

NOEXPORT void client_try(CLI *c)
{
    init_local(c);
    // <-- condition is true in spite of setting protocol=proxy
    if(!c->opt->option.client && c->opt->protocol<0)
    {
        init_ssl(c);
        // we'll switch to target section (c->opt) there only!
        init_remote(c);
    } 
    else 
    { 
        protocol(c, PROTOCOL_PRE_CONNECT);
        init_remote(c);
        protocol(c, PROTOCOL_PRE_SSL);
        init_ssl(c);
        protocol(c, PROTOCOL_POST_SSL);
    }
...     

A simple ad hoc solution works for me:

    // <-- condition is true in spite of setting protocol=proxy
    if(!c->opt->option.client && c->opt->protocol<0)
    {
        init_ssl(c);
        init_remote(c);
        // force initiate PROXY protocol
        protocol(c, PROTOCOL_PRE_SSL);
    } 

It's a crutch and certainly not a general solution. But some code refactoring is needed 
for a more correct fix.
I think that this bug will be fixed in future versions.

Thanks for stunnel! :)

/Alexey V. Drozdov
e-mail: [email protected]
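
Added example, not part of the original post and not stunnel source: a simplified C model of the call order quoted above, showing why a `protocol = proxy` line in an SNI child section is never reached and what the poster's change alters. The struct layout, enum values, trace strings and the `client_try_model` and `header_sent` helpers are assumptions made for illustration.

```c
/* Simplified model of the call order quoted in the post; not stunnel source.
 * Server mode only; types, enum values and trace strings are assumptions. */
#include <stdio.h>
#include <string.h>
enum { PROTO_NONE = -1, PROTO_PROXY = 0 };
enum phase { PRE_CONNECT, PRE_SSL, POST_SSL };
typedef struct section {
    int protocol;               /* <0: section has no "protocol =" line */
    struct section *sni_child;  /* section selected by SNI in the handshake */
} SECTION;
typedef struct { SECTION *opt; char trace[64]; } CLI;
static void note(CLI *c, const char *s) {
    strncat(c->trace, s, sizeof c->trace - strlen(c->trace) - 1);
}
static void init_remote(CLI *c) { note(c, "connect;"); }
/* SNI is only seen during the handshake, so c->opt switches here. */
static void init_ssl(CLI *c) {
    note(c, "tls;");
    if (c->opt->sni_child) c->opt = c->opt->sni_child;
}
/* Dispatches on whichever section c->opt points at when it is called. */
static void protocol(CLI *c, enum phase p) {
    if (c->opt->protocol == PROTO_PROXY && p == PRE_SSL) note(c, "proxy-header;");
}
/* workaround=0: flow quoted in the post; 1: the poster's ad hoc change. */
static void client_try_model(CLI *c, int workaround) {
    if (c->opt->protocol < 0) {   /* evaluated on the listening section */
        init_ssl(c);
        init_remote(c);
        if (workaround) protocol(c, PRE_SSL);
    } else {
        protocol(c, PRE_CONNECT); init_remote(c); protocol(c, PRE_SSL);
        init_ssl(c); protocol(c, POST_SSL);
    }
}
/* Returns 1 if the modelled backend connection received a PROXY header. */
int header_sent(int root_proto, int child_proto, int workaround) {
    SECTION child = { child_proto, NULL }, root = { root_proto, &child };
    CLI c = { &root, "" };
    client_try_model(&c, workaround);
    return strstr(c.trace, "proxy-header;") != NULL;
}
int main(void) {
    printf("quoted flow: %d\n", header_sent(PROTO_NONE, PROTO_PROXY, 0));
    printf("workaround:  %d\n", header_sent(PROTO_NONE, PROTO_PROXY, 1));
    return 0;
}
```

In this model a handler that has to act before the backend connection or before the handshake still cannot run for an SNI child section, because the section is not known until `init_ssl` has finished.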