On Tue, Oct 08, 2013 at 11:14:26PM +0200, Nicolas Vinot wrote:
> Package: proxytunnel
> Version: 1.9.0-6
> Severity: wishlist
> Tags: patch
> Hello Debian maintainers,
> Here is a tiny patch to add SNI support to proxytunnel.
> Tested with my remote apache proxy, seems working and allow to not reserve 
> the 
> default apache vhost for proxytunnel and really use a full dedicated vhost 
> for 
> proxying.
> Could you integrate it to your next version ?
> I will try to propagate it upstream, but because the OpenSSL to GNUTLS Debian 
> patch, it's not possible immediatly.

Hello Nicolas!

Thanks for this patch.  I've just uploaded version 1.9.0+svn250-1 to
unstable, which reverts to using OpenSSL (due to a change in license
conditions allowing this to happen).  I've tried writing a version of
your patch for OpenSSL, which seems to work.  Attached is the patch
I've used (in comparison to 1.9.0+svn250-1, not including the
changelog); does this seem to be correct to you?  If so, I'll upload
-2 to unstable.

Best wishes,

--- a/ptstream.c
+++ b/ptstream.c
@@ -161,13 +161,24 @@
 #ifdef USE_SSL
        SSL *ssl;
        SSL_CTX *ctx;
+       int ret;
        /* Initialise the connection */
        ctx = SSL_CTX_new (SSLv3_client_method());
        ssl = SSL_new (ctx);
+       if (args_info.verbose_flag) {
+               message("Set SNI hostname to %s\n", args_info.proxyhost_arg);
+       }
+       ret = SSL_set_tlsext_host_name(ssl, args_info.proxyhost_arg);
+       if (!ret) {
+               message("TLS SNI error, giving up: SSL_set_tlsext_host_name 
+               exit(1);
+       }
        SSL_set_rfd (ssl, stream_get_incoming_fd(pts));
        SSL_set_wfd (ssl, stream_get_outgoing_fd(pts)); 
        SSL_connect (ssl);

Reply via email to