Patch info for vandrove_oob
| Field | Value |
|---|---|
| Creator | Petr Vandrovec |
| Patch to Version | 3.18 |
| Type | New Feature |
| Patch | vandrove_oob.patch |
| Status | Similar functionality introduced into Stunnel-3.19 |
| Description (Full Text) | New -O option to discard (rather than inline) OOB data. |
Author Comments
Date: Thu, 2 Aug 2001 19:24:50 +0200
From: Petr Vandrovec <vandrove@vc.cvut.cz>
Subject: [PATCH] stunnel 3.18 and out of band data
Hi,

the current stunnel version (and probably all which understand SO_OOBINLINE)
has the problem that OOB data written by some application into the stream are
delivered to the application on the other end of the wire as standard inline data.
This causes a severe screwup, for example for Oracle sqlnet connections,
as sqlnet synchronization is lost and the connection is killed by the server
due to invalid incoming data.

Because stunnel does not use any protocol on top of the SSL stream,
it looks to me that it is impossible to deliver OOB data to the other
end of the tunnel correctly as OOB.

But because it is possible that some apps can survive even OOB data
incoming in a non-OOB stream (I do not know of any such, but I'm sure that the OOBINLINE
code is in ssl.c for some reason...), I wrote the patch below, which adds
the option '-O'. When this option is specified, OOB data are ignored by
stunnel. If '-O' is not specified, the code behaves as the older version did -
when the machine supports OOBINLINE, OOB data are passed inline, otherwise
they are ignored.

Thanks,
Petr Vandrovec
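
The effect described in the e-mail can be reproduced on a loopback TCP connection. This is an added example, not part of the patch or of stunnel's code: `relay_view` and the `REC1`/`REC2` payloads are constructed for illustration, and it assumes Linux/BSD TCP urgent-data semantics. It shows what a relay that forwards the output of a plain `recv()` loop would pass on with `SO_OOBINLINE` set and with it left off.

```python
import socket


def relay_view(oob_inline: bool) -> bytes:
    """Return the bytes a plain recv() loop sees for one constructed session.

    Hypothetical helper: stands in for the read side of a tunnel that forwards
    whatever recv() returns, with SO_OOBINLINE either set or cleared.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.settimeout(5)
    listener.bind(("127.0.0.1", 0))          # loopback only, kernel-chosen port
    listener.listen(1)

    sender = socket.create_connection(listener.getsockname(), timeout=5)
    receiver, _ = listener.accept()
    listener.close()
    receiver.settimeout(5)

    # The setting the e-mail is about: merge urgent data into the normal
    # stream (1) or keep it out of the stream seen by recv() (0).
    receiver.setsockopt(socket.SOL_SOCKET, socket.SO_OOBINLINE, int(oob_inline))

    # Constructed application traffic: two records with one urgent byte between.
    sender.sendall(b"REC1")
    sender.send(b"!", socket.MSG_OOB)
    sender.sendall(b"REC2")
    sender.close()

    # Read until EOF, as a relay loop would, and collect what it would forward.
    seen = bytearray()
    while True:
        chunk = receiver.recv(4096)
        if not chunk:
            break
        seen += chunk
    receiver.close()
    return bytes(seen)


if __name__ == "__main__":
    print("SO_OOBINLINE on :", relay_view(True))
    print("SO_OOBINLINE off:", relay_view(False))
```

With the option set, the urgent byte lands between the two records and a peer parsing fixed record boundaries loses synchronization; with it cleared, the forwarded stream contains only the records.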

This website makes patches available for use by the
Internet community. However, it does not endorse any of the patches
contained herein. They could work perfectly, or totally foul up
everything. We don't know. Contact the authors if you have any
questions. Use at your own risk.

The Stunnel software package does not contain any
cryptography itself, however please remember that import and/or export of
cryptographic software, code providing hooks to cryptographic
algorithms, and discussion about cryptography is illegal in some countries.
It is imperative for you to know your local laws governing cryptography.
We're not liable for anything you do that violates your local laws.