---------------------------------------------------------------------------

It has been brought to my attention that the description I wrote regarding
the proxy patch (http://www.stunnel.org/patches/desc/proxy_sweeheng.html) is
HIGHLY misleading. It makes one think that the patch will allow stunnel to
use ANY web proxy, regardless of whether they support SSL proxying.

A more accurate description is that the patch allows stunnel to go through
web proxies supporting SSL proxying (using the CONNECT command).

Can you kindly prepend THIS email to the description at the above URL?
Thanks.

Apologies for the inconvenience and misunderstanding caused.

Swee Heng

---------------------------------------------------------------------------

Hi there,

This is a patch to support web proxies (e.g. Squid, Apache with mod_proxy).
It allows stunnel (in client mode) to connect to a remote SSL service via a
web proxy.

SCENARIO:
=========

Consider the following setup, in which there is no way to connect to the
SSL service except via the web proxy:

    non-SSL  _______   web   _______    SSL
     Lynx             proxy           service

Under such circumstances, we run a copy of the patched stunnel (in client
mode) on the Lynx machine. By pointing Lynx at stunnel, we will be able to
connect to the remote SSL service via the web proxy.

MODIFICATIONS TO THE CODE:
==========================

1. Added an additional OPT_WEBPROXY option to common.h
2. Added an extra command line parameter -Z to specify remote SSL host.
3. Added a connect_to_finaldest() function to make a
   "CONNECT remoteSSLhost:port HTTP/1.0" request AFTER a socket to the web
   proxy has been established. The exact content of "remoteSSLhost:port" is
   the string after the -Z option.
4. Modified the help messages to include -Z

TESTING:
========

The code has been tested on RedHat Linux 6.2 with Squid and Apache web
proxies. It has not been tested on the Windows platform yet.

HOW TO USE PATCH:
=================

1. patch -p0 < proxy.patch
2. cd stunnel-3.14
3. ./configure; make; make install;

HOW TO USE PATCHED STUNNEL:
===========================

Suppose your web proxy is listening on port 8080 of proxy.your.domain and
your final destination is ssl.netcraft.net on port 443. On your local
machine, do the following:

    stunnel -c -d localhost:8888 -r proxy.your.domain:8080 -Z ssl.netcraft.net:443

Then

    lynx http://localhost:8888/

should connect you to your destination.

BUGS:
=====

If you have any suggestions or bug reports, please send them to . Thank you.

Regards,
Swee Heng
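
The CONNECT step from item 3 of the modifications, as an added example that is not code from the patch or from stunnel: build the request from the -Z string, then read the proxy's status line before any SSL handshake starts. The function names are hypothetical, and the host:port validation (which also rejects IPv6 literals) is an assumption of this example, not something the description says the patch does.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example; function names are hypothetical, not from the patch. */
/* Accept only "host:port" with host chars [A-Za-z0-9.-] and port 1..65535.
 * Rejecting CR, LF and spaces keeps the string from adding request lines. */
int valid_dest(const char *dest)
{
    const char *p, *colon = strrchr(dest, ':');
    char *end;
    long port;

    if (colon == NULL || colon == dest || strlen(dest) > 255)
        return 0;
    for (p = dest; p < colon; p++)
        if (!isalnum((unsigned char)*p) && *p != '.' && *p != '-')
            return 0;
    if (!isdigit((unsigned char)colon[1]))
        return 0;
    port = strtol(colon + 1, &end, 10);
    return *end == '\0' && port >= 1 && port <= 65535;
}

/* Write the request into buf; return its length, or -1 on bad input. */
int build_connect(char *buf, size_t size, const char *dest)
{
    int n;

    if (!valid_dest(dest))
        return -1;
    n = snprintf(buf, size, "CONNECT %s HTTP/1.0\r\n\r\n", dest);
    return (n < 0 || (size_t)n >= size) ? -1 : n;
}

/* Return the proxy's 3-digit status code, or -1 if the line is malformed.
 * The caller starts the SSL handshake only when the code is 2xx. */
int connect_status(const char *reply)
{
    int minor, code;
    char after;

    if (sscanf(reply, "HTTP/1.%1d %3d%c", &minor, &code, &after) != 3)
        return -1;
    if (code < 100 || code > 599 || !isspace((unsigned char)after))
        return -1;
    return code;
}
```

A proxy that does not support SSL proxying answers the CONNECT with a non-2xx status, which is the case the correction at the top of this description is about.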