Stunnel.org  
   
Home
About
News
Faq
Examples
Download
Patches
Support
Related
<Patch List> <Patch Directory>
Patch info for proxy_anon

Patch info for proxy_anon

CreatorAnon A. Mous
Patch to Version3.22
TypeNew Feature
Patchproxy_anon.patch
Description

(Full Text)

Proxy Passthru (HTTP CONNECT) patch

Author Comments



(The individual who updated the original patch wishes to remain
aloof and anonymous, hense the bogus author description attached
to this patch - ed.)

----------------------------------------------------------------

I ported to v 3.22 Tan Swee Heng?s patch, allowing connection through a web
proxy. Tan Swee Heng does not seem to support this patch anymore.

This patch allows stunnel (in client mode) to connect to a remote SSL
service via a web proxy. I strongly wish this functionality was merged into
the main stunnel distro. It is not heavy in code but extremely useful for
those of us who have to connect to https servers and see what's going on.
Anyway, it's up to you.


Thank you.  Please find below the updated description of the patch, based on
Swee Heng's.


SCENARIO:
=========
Consider the following setup, in which there is no way to connect to the
SSL service except via the web proxy:

 non-SSL _______   web  _______    SSL
  Lynx            proxy          service

Under such circumstances, we run a copy of the patched stunnel (in client
mode) on the Lynx machine. By pointing Lynx at stunnel, we will be able to
connect to the remote SSL service via the web proxy.


MODIFICATIONS TO THE CODE:
==========================
1. Added an OPT_WEBPROXY option

2. Added a command line parameter -Z to specify remote SSL host.

3. Added a connect_to_finaldest() function to make a "CONNECT
        remoteSSLhost:port HTTP/1.0" request AFTER a socket to the
        web proxy has been established. The exact content of
        "remoteSSLhost:port" is the string after the -Z option.

4. Modifiy the help messages to include -Z


TESTING:
========
The code has been tested on Mandrake Linux 8.2 with Squid and Apache web
proxies. It has not been tested on the Windows platform.


HOW TO USE PATCH:
=================
1. patch -p0 < proxy.patch
2. cd stunnel-3.22
3. ./configure; make; make install;




HOW TO USE PATCHED STUNNEL:
===========================
Suppose your web proxy is listening on port 8080 of proxy.your.domain and
your final destination is ssl.netcraft.net on port 443. On your local
machine, do the following:

 stunnel -c -d localhost:8888 -r proxy.your.domain:8080
         -Z ssl.netcraft.net:443

Then

 lynx http://localhost:8888/

should connect you to your destination.

This website makes patches available for use by the Internet community. However it does not endorse any of the patches contained herein. They could be work perfectly, or totally foul up everything. We don't know. Contact the authors if you have any questions. Use at your own risk.

The Stunnel software package does not contain any cryptography itself, however please remember that import and/or export of cryptographic software, code providing hooks to cryptographic algorithms, and discussion about cryptography is illegal in some countries. It is imperative for you to know your local laws governing cryptography. We're not liable for anything you do that violates your local laws.