Bug 306127 - net-misc/stunnel bump to 4.31
Summary: net-misc/stunnel bump to 4.31
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High enhancement
Assignee: Lance Albertson (RETIRED)
URL: http://stunnel.mirt.net/pipermail/stu...
Whiteboard:
Keywords: Inclusion
Depends on:
Blocks:
 
Reported: 2010-02-20 23:03 UTC by Bertrand Jacquin
Modified: 2010-03-25 21:46 UTC

Attachments
stunnel-4.29-xforwarded-for.patch (10.55 KB, patch)
2010-02-23 17:21 UTC, Stefan Behte (RETIRED)
stunnel-4.31-xforwarded-for.patch (10.63 KB, patch)
2010-02-23 17:21 UTC, Stefan Behte (RETIRED)
stunnel-4.29-r1.ebuild (2.29 KB, text/plain)
2010-02-23 17:22 UTC, Stefan Behte (RETIRED)
stunnel-4.31-xforwarded-for.patch (10.77 KB, patch)
2010-03-08 18:06 UTC, Stefan Behte (RETIRED)
stunnel-4.29-xforwarded-for.patch (10.77 KB, patch)
2010-03-08 18:07 UTC, Stefan Behte (RETIRED)
stunnel-4.29-x-forwarded-for.patch (10.52 KB, patch)
2010-03-15 19:37 UTC, Stefan Behte (RETIRED)
stunnel-4.31-x-forwarded-for.patch (10.53 KB, patch)
2010-03-15 19:37 UTC, Stefan Behte (RETIRED)

Description Bertrand Jacquin 2010-02-20 23:03:03 UTC
stunnel-4.29 is the last available version, 4.31 is online since 2/3/2010. Here are the major updates:

- Graceful configuration reload with HUP signal on Unix
- Log file reopen on USR1 signal was added.
- Regression fixes

Reproducible: Always
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-02-23 17:21:23 UTC
Created attachment 220859 [details, diff]
stunnel-4.29-xforwarded-for.patch

Patch for stunnel that can insert a forwardfor header, rediffed against 4.29; original patch from http://haproxy.1wt.eu/download/patches/stunnel-4.22-xforwarded-for.diff
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2010-02-23 17:21:44 UTC
Created attachment 220861 [details, diff]
stunnel-4.31-xforwarded-for.patch

Same, but for 4.31
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2010-02-23 17:22:33 UTC
Created attachment 220863 [details]
stunnel-4.29-r1.ebuild

Updated ebuild for stunnel-4.29 with xforwardfor support
Comment 4 Stefan Behte (RETIRED) gentoo-dev Security 2010-02-23 17:24:31 UTC
Text quoted from http://haproxy.1wt.eu/:

X-Forwarded-For support for Stunnel

Stunnel currently makes a perfect complement to provide SSL client-side support to HAProxy. However, since Stunnel is a proxy and has no knowledge of HTTP, the client's IP address was lost, which is somewhat annoying. A few patches were available on the Net to add the X-Forwarded-For header, but they introduced an undesirable buffer overflow. So I took my courage and wrote a reliable and secure patch to implement this useful feature. I sent it to Stunnel's authors but got no feedback. So the patch is provided here for Stunnel-4.14, 4.15, 4.20 and 4.22 in the hope it will be useful to some people.

It would be very cool, to have a USE-Flag for that. :)
Comment 5 Lance Albertson (RETIRED) gentoo-dev 2010-03-07 21:38:27 UTC
(In reply to comment #4)
> Text quoted from http://haproxy.1wt.eu/:
> 
> X-Forwarded-For support for Stunnel

<snip>

> It would be very cool, to have a USE-Flag for that. :)

I've bumped 4.31; however, when I tried your patch the compile failed with an error. I tried the patch for 4.29 and it appears to work fine, so I created 4.29-r1 with the patch and just did a simple bump for 4.31 without the patch.

Can you please provide a new patch that works for 4.31?

Thanks-
Comment 6 Stefan Behte (RETIRED) gentoo-dev Security 2010-03-08 18:06:44 UTC
Created attachment 222701 [details, diff]
stunnel-4.31-xforwarded-for.patch
Comment 7 Stefan Behte (RETIRED) gentoo-dev Security 2010-03-08 18:07:21 UTC
Created attachment 222703 [details, diff]
stunnel-4.29-xforwarded-for.patch
Comment 8 Stefan Behte (RETIRED) gentoo-dev Security 2010-03-08 18:13:34 UTC
Thanks for adding it to .29-r1! :)

There is a modified patch, which is also online on the official haproxy website: http://haproxy.1wt.eu/download/patches/

- both would not build for Willy Tarreau (haproxy maintainer & patch author), because LOG_RAW was not defined, and the rest of src/options.c uses LOG_NOTICE, so he changed that

- I somehow killed the French chars

- additional build problem with 4.31 because of fuzz factor failure

I will do some tests later. Sorry for the bad quality of the .31 patch. :(
Comment 9 Stefan Behte (RETIRED) gentoo-dev Security 2010-03-15 19:37:07 UTC
Created attachment 223779 [details, diff]
stunnel-4.29-x-forwarded-for.patch

Now without correct line breaks.
Comment 10 Stefan Behte (RETIRED) gentoo-dev Security 2010-03-15 19:37:26 UTC
Created attachment 223781 [details, diff]
stunnel-4.31-x-forwarded-for.patch

Now without correct line breaks.
Comment 11 Stefan Behte (RETIRED) gentoo-dev Security 2010-03-15 19:41:27 UTC
Patches apply cleanly now. :)
Comment 12 Lance Albertson (RETIRED) gentoo-dev 2010-03-25 21:46:50 UTC
Thanks, finally committed it!