Your message dated Sun, 26 Jan 2014 23:49:26 +0000
with message-id <[email protected]>
and subject line Bug#725830: fixed in proxytunnel 1.9.0+svn250-2
has caused the Debian Bug report #725830,
regarding [proxytunnel] SNI TLS support
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
725830: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725830
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: proxytunnel
Version: 1.9.0-6
Severity: wishlist
Tags: patch
--- Please enter the report below this line. ---
Hello Debian maintainers,
Here is a tiny patch to add SNI support to proxytunnel.
Tested with my remote apache proxy, seems working and allow to not reserve the
default apache vhost for proxytunnel and really use a full dedicated vhost for
proxying.
Could you integrate it to your next version ?
I will try to propagate it upstream, but because the OpenSSL to GNUTLS Debian
patch, it's not possible immediatly.
Regards
--- System information. ---
Architecture: amd64
Kernel: Linux 3.10-3-amd64
--- Package information. ---
Depends (Version) | Installed
==============================-+-===============
libc6 (>= 2.15) | 2.17-93
libgnutls26 (>= 2.12.17-0) | 2.12.23-7
libmhash2 | 0.9.9.9-3
--
Nicolas Vinot
Description: Server Name Indication support
See RFC #3546 (https://tools.ietf.org/html/rfc3546#section-3.1)
Author: Nicolas Vinot <[email protected]>
Forwarded: no
Last-Update: 2013-10-08
--- a/ptstream.c
+++ b/ptstream.c
@@ -164,13 +164,21 @@
int stream_enable_ssl(PTSTREAM *pts) {
#ifdef USE_SSL
int ret;
-
+
/* Initialise the context, copied from example in GNUTLS manual */
gnutls_init(&pts->session, GNUTLS_CLIENT);
gnutls_priority_set_direct(pts->session, "PERFORMANCE", NULL);
/* gnutls_credentials_set(pts->session, GNUTLS_CRD_ANON, anoncred); */
/* Use X.509 rather than anonymous */
gnutls_credentials_set(pts->session, GNUTLS_CRD_CERTIFICATE, xcred);
+ if ( args_info.verbose_flag ) {
+ message( "Set SNI hostname to %s\n", args_info.proxyhost_arg );
+ }
+ ret = gnutls_server_name_set(pts->session, GNUTLS_NAME_DNS, args_info.proxyhost_arg, strlen(args_info.proxyhost_arg));
+ if (ret < 0) {
+ message( "TLS SNI error, giving up: gnutls_server_name_set returned error message:\n %s\n", gnutls_strerror(ret) );
+ exit( 1 );
+ }
gnutls_transport_set_ptr2(pts->session,
(gnutls_transport_ptr_t) stream_get_incoming_fd(pts),
signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
Source: proxytunnel
Source-Version: 1.9.0+svn250-2
We believe that the bug you reported is fixed in the latest version of
proxytunnel, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Julian Gilbey <[email protected]> (supplier of updated proxytunnel package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 26 Jan 2014 23:08:39 +0000
Source: proxytunnel
Binary: proxytunnel
Architecture: source amd64
Version: 1.9.0+svn250-2
Distribution: unstable
Urgency: low
Maintainer: Julian Gilbey <[email protected]>
Changed-By: Julian Gilbey <[email protected]>
Description:
proxytunnel - Create tcp tunnels trough HTTPS proxies, for using with SSH
Closes: 725830
Changes:
proxytunnel (1.9.0+svn250-2) unstable; urgency=low
.
* Add support for TLS SNI (Closes: #725830)
Checksums-Sha1:
65aacfe5055b0c569fcfc25074ec31c022444dd1 1115 proxytunnel_1.9.0+svn250-2.dsc
078a74b3096116aa6e1c84a831a76e4dac8a8f52 11425
proxytunnel_1.9.0+svn250-2.debian.tar.gz
3ea67fb3a202519156a68e84e264f483dbb5ec17 36632
proxytunnel_1.9.0+svn250-2_amd64.deb
Checksums-Sha256:
48c6c6e9b0da92bc3c88fb3e0dc2fbf72173ed224cb8cda30b663a6ca5a9861c 1115
proxytunnel_1.9.0+svn250-2.dsc
f50c716d6e3661c098139bbf5b44a944fa733e747c5a4b1025ba10dda0198be6 11425
proxytunnel_1.9.0+svn250-2.debian.tar.gz
401379922f85304602858fa0a0433b7d5addd692c1664dc1520105c86e524dee 36632
proxytunnel_1.9.0+svn250-2_amd64.deb
Files:
d054b138845ba689a30651c0ab49a0ae 1115 net optional
proxytunnel_1.9.0+svn250-2.dsc
3c86aea2e3e31e04f84212ae5f73eb00 11425 net optional
proxytunnel_1.9.0+svn250-2.debian.tar.gz
cde5f50ed64cdcf1d58aa8a46aa7533a 36632 net optional
proxytunnel_1.9.0+svn250-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlLlm94ACgkQDU59w/205FkBegCfXD9+qZPKszcnCmpvgw6adLct
BQIAni+G3Vkdts5c5qbjOXjcH+s73iB6
=3bld
-----END PGP SIGNATURE-----
--- End Message ---