
Merge branch 'x-ssl-protocol'

commit 9eba4ce9ee549cb03dce430fab2e13d73d612e84 2 parents 49ba57c + e6d4402
@copiousfreetime copiousfreetime authored
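--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 *~
 *.o
 upstream
+*.tgz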
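--- a/doc/stunnel.8
+++ b/doc/stunnel.8
@@ -563,6 +563,11 @@ enable transparent proxy support on selected platforms
 .IX Item "xforwardedfor = yes | no"
 append an 'X-Forwarded-For:' HTTP request header providing the
 client's IP address to the server.
+.IP "\fBxsslprotocol\fR = yes | no" 4
+.IX Item "xsslprotocol= yes | no"
+append an 'X-SSL-Protocol:' HTTP request header providing the
+client's SSL protocol to the server. This should be one of SSLv2, SSLv3,
+TLSv1 or unknown. It is the value returned from SSL_get_version().
 .Sp
 Supported values:
 .RS 4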
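--- a/src/client.c
+++ b/src/client.c
@@ -87,7 +87,7 @@ CLI *alloc_client_session(SERVICE_OPTIONS *opt, int rfd, int wfd) {
 }
 c->opt=opt;
 /* some options need space to add some information */
- if (c->opt->option.xforwardedfor)
+ if (c->opt->option.xforwardedfor || c->opt->option.xsslprotocol)
 c->buffsize = BUFFSIZE - BUFF_RESERVED;
 else
 c->buffsize = BUFFSIZE;
@@ -619,7 +619,7 @@ static void transfer(CLI *c) {
 num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, c->buffsize-c->ssl_ptr);
 switch(err=SSL_get_error(c->ssl, num)) {
 case SSL_ERROR_NONE:
- if (c->buffsize != BUFFSIZE && c->opt->option.xforwardedfor) { /* some work left to do */
+ if (c->buffsize != BUFFSIZE && (c->opt->option.xforwardedfor || c->opt->option.xsslprotocol) ) { /* some work left to do */
 int last = c->ssl_ptr;
 c->ssl_ptr += num;
@@ -676,6 +676,24 @@ static void transfer(CLI *c) {
 * as wee need to.
 */
 }
+
+ if (c->opt->option.xsslprotocol) {
+ /* X-SSL-Protocol: xxxxx\r\n\0 */
+ char xsslp[16 + SSL_PROTO_LEN + 3];
+
+ /* We will insert our X-SSL-Protocol: header here.
+ * We need to write the protocol, but if we use
+ * sprintf, it will pad with the terminating 0.
+ * So we will pass via a temporary buffer allocated
+ * on the stack.
+ */
+ strncpy(xsslp, "X-SSL-Protocol: ", 16);
+ strcat(xsslp, SSL_get_version(c->ssl));
+ strcat(xsslp, "\r\n");
+ buffer_insert(c->ssl_buff, &last, &c->ssl_ptr, c->buffsize, xsslp);
+ }
+
+
 }
 }
 else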
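Review bot: In the new `xsslprotocol` block, `strncpy(xsslp, "X-SSL-Protocol: ", 16)` copies exactly the 16 characters of the prefix and writes no terminating NUL, so the two `strcat` calls that follow search for the end of the string in uninitialised stack memory and can append outside `xsslp`. The buffer size also depends on `SSL_PROTO_LEN` (7, added in src/common.h) being at least as long as anything `SSL_get_version()` returns, and nothing in the copy enforces that. One bounded format call removes both problems: `int n = snprintf(xsslp, sizeof xsslp, "X-SSL-Protocol: %s\r\n", SSL_get_version(c->ssl));` followed by `if (n > 0 && (size_t)n < sizeof xsslp) buffer_insert(c->ssl_buff, &last, &c->ssl_ptr, c->buffsize, xsslp);`. Separately, the hunk does not show whether an `X-SSL-Protocol:` header already present in the client's request is dropped; if it is not, a backend that trusts this header could receive a client-chosen value. The enclosing `transfer()` starts and ends outside the hunk.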
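--- a/src/common.h
+++ b/src/common.h
@@ -55,6 +55,9 @@
 /* maximum space reserved for header insertion in BUFFSIZE */
 #define BUFF_RESERVED 1024
+/* SSL Protocol Length (SSLv2, SSLv3, TLSv1, unknown) */
+#define SSL_PROTO_LEN 7
+
 /* IP address and TCP port textual representation length */
 #define IPLEN 128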
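--- a/src/options.c
+++ b/src/options.c
@@ -841,6 +841,29 @@ static char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
 break;
 }
+ /* xsslprotocol */
+ switch(cmd) {
+ case CMD_INIT:
+ section->option.xsslprotocol=0;
+ break;
+ case CMD_EXEC:
+ if(strcasecmp(opt, "xsslprotocol"))
+ break;
+ if(!strcasecmp(arg, "yes"))
+ section->option.xsslprotocol=1;
+ else if(!strcasecmp(arg, "no"))
+ section->option.xsslprotocol=0;
+ else
+ return "argument should be either 'yes' or 'no'";
+ return NULL; /* OK */
+ case CMD_DEFAULT:
+ break;
+ case CMD_HELP:
+ s_log(LOG_NOTICE, "%-15s = yes|no append an HTTP X-SSL-Protocol header",
+ "xsslprotocol");
+ break;
+ }
+
 /* exec */
 switch(cmd) {
 case CMD_INIT: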
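--- a/src/prototypes.h
+++ b/src/prototypes.h
@@ -172,6 +172,7 @@ typedef struct service_options_struct {
 unsigned int client:1;
 unsigned int delayed_lookup:1;
 unsigned int xforwardedfor:1;
+ unsigned int xsslprotocol:1;
 unsigned int accept:1;
 unsigned int remote:1;
 unsigned int retry:1; /* loop remote+program */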