A simple HTTP header injection program
======================================

This directory contains a short program that adds extra header to HTTP
requests after it has been unwrapper by stunnel. The stunnel endpoint can be
connected to a squid proxy instance. It as very little value on its own.

Dependencies
------------

The "deps" directory contains the picoHTTPParser [1] library.

Usage
-----

    Usage http_proxy: [-v] -c host -p port
      -v: verbose mode
      -d: set debug level (-d: client header dump, -dd: client/server exchanges)
      -c: host to connect to
      -p: port to connect to

      -h: print this message\n", pid);

How to use
----------

This program is expected to be used with the exec= directive of stunnel.

Your stunnel.conf file could look like this (assuming you have squid instance
running on 192.168.1.2 on port 3128):
  
  [Proxy_test]
  accept=8081
  exec=/usr/local/bin/http_proxy
  execArgs=http_proxy -v -c 192.168.1.2 -p 3128

Why would you want to use it
----------------------------

This program is only useful when chained to a proxy (squid, apache, and such) that
will make some use of the three customs HTTP headers inserted to each parsed requests:

- "SSL_CLIENT_VERIFY: SUCCESS": this header is static and shows the secure
  connection was successful (unsecure one don't get to connect to the proxy)
- "SSL_CLIENT_S_DN: XXX" where XXX is the client's Distinguished Name
  (extracted from its X.509 certificate by stunnel)
- "X-Stunnel-ID: XXX" where XXX is a random number for each invocation of the
  command

How to build
------------

The program comes with a simple Makefile. You should be able to build it with
the make command.


[1]: https://github.com/h2o/picohttpparser
