Hi, Mike!

I have analyzed your fix and found a mistake :(
We switch to the target SNI section only after init_ssl(c), so
init_remote(c) will connect to the wrong destination.

    if(!c->opt->option.client && c->opt->protocol<0
#ifndef OPENSSL_NO_TLSEXT
            && !c->opt->servername_list_head
#endif
            ) {
        /* server mode and no protocol negotiation needed */
        init_ssl(c);
        init_remote(c);
    } else { /* client mode or protocol negotiation enabled */
        protocol(c, PROTOCOL_PRE_CONNECT);
        init_remote(c);  /* <<< incorrect destination */
        protocol(c, PROTOCOL_PRE_SSL);
        init_ssl(c);     /* <<< switch to target SNI config section only here */
        protocol(c, PROTOCOL_POST_SSL);
    }


/Alexey V. Drozdov
e-mail: [email protected]
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users