This repository has been archived by the owner on May 24, 2022. It is now read-only.

Stud client mode #79

Merged
merged 4 commits into from
Jun 2, 2012

@EmericBr EmericBr commented Mar 5, 2012

Add SSL client mode for bench or test purposes.

One commit modifies the FSM in normal (server) mode to prevent connection to the backend in case of handshake failure.

What do you think about it?

Emeric added 4 commits March 2, 2012 18:31
FIX on send PROXY header if handshake is not finished.
FIX if client starts renegotiation and server continue to send data, or ring_down buffer is not empty.
Add define to compile without defer accept for banners protocols
…more safe and prepare client certificate management.

Add proxy line is performed only after handshake to prepare PROXY protocol extension to include SSL data.

jamwt commented Mar 15, 2012

Huh.. so idea is you act as a forward proxy for an http client talking in the clear? Interesting...


jamwt commented Mar 15, 2012

(s/http client/any client really)


ibc commented Apr 7, 2012

I would be very interested in "reverse" Stud, that is:

  • Stud receives a TCP connection with a leading line indicating the TLS destination address (ipv4/ipv6:IP:port).
  • Stud makes a new TLS connection to that address (or reuses an existing connection if one already exists).
  • Stud must be able to present a TLS client certificate.
  • Once the TLS connection is done, Stud sends the TLS certificate chain (in PEM format) got from the server to the TCP client (using some new protocol), so the TCP client can validate it and react.

Perhaps too complex for the original purpose of Stud :)
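
Added example (not part of this thread or of Stud's code): a strict parser for the leading destination line proposed above. Because that line is client-controlled and decides where the proxy opens a TLS connection, it accepts numeric addresses only and rejects anything malformed. The exact syntax `ipv4:IP:port` / `ipv6:IP:port` (line ending already stripped) and the names `tls_dest` and `parse_dest_line` are assumptions.

```c
#include <sys/socket.h>
#include <arpa/inet.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical destination taken from the leading line. */
struct tls_dest {
    int family;                 /* AF_INET or AF_INET6 */
    char ip[INET6_ADDRSTRLEN];  /* canonical numeric address */
    unsigned short port;
};

/* Parse "ipv4:IP:port" or "ipv6:IP:port" (assumed syntax).
 * Returns 0 on success, -1 on malformed input; *out is only
 * meaningful on success. Hostnames are never resolved, so client
 * input cannot trigger DNS lookups. */
int parse_dest_line(const char *line, struct tls_dest *out)
{
    unsigned char addr[sizeof(struct in6_addr)];
    char host[INET6_ADDRSTRLEN];
    const char *rest, *colon;
    char *end;
    long port;
    size_t hlen;

    if (strncmp(line, "ipv4:", 5) == 0) out->family = AF_INET;
    else if (strncmp(line, "ipv6:", 5) == 0) out->family = AF_INET6;
    else return -1;
    rest = line + 5;

    /* The port follows the LAST colon: IPv6 addresses contain colons. */
    colon = strrchr(rest, ':');
    if (colon == NULL || colon == rest) return -1;
    hlen = (size_t)(colon - rest);
    if (hlen >= sizeof(host)) return -1;   /* bounded copy */
    memcpy(host, rest, hlen);
    host[hlen] = '\0';

    /* inet_pton accepts strict numeric addresses only. */
    if (inet_pton(out->family, host, addr) != 1) return -1;
    if (!inet_ntop(out->family, addr, out->ip, sizeof(out->ip))) return -1;

    /* Port: starts with a digit, range 1..65535, nothing after it. */
    if (colon[1] < '0' || colon[1] > '9') return -1;
    errno = 0;
    port = strtol(colon + 1, &end, 10);
    if (errno != 0 || *end != '\0' || port < 1 || port > 65535) return -1;
    out->port = (unsigned short)port;
    return 0;
}
```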

EmericBr (Author) commented

In your schema, is the client certificate presented by stud configured on stud, or passed to stud by the client in a "specific" certificate?

The last point needs advanced dev and is hard to do in my free time.

EmericBr (Author) commented

Is it for an HTTP service? I think it is cleaner to store the destination IP and the returned PEM certificate in HTTP headers.

@ibc
Copy link

ibc commented Apr 10, 2012

My vision is that Stud is configured with the TLS client certificate, remote certificate validation options and so on.

In my case it's not for HTTP.

jamwt pushed a commit that referenced this pull request Jun 2, 2012
@jamwt jamwt merged commit 84797cc into bumptech:master Jun 2, 2012