Stunnel.org

Patch info for setenv_mf

Creator	Markus Foerster
Patch to Version	3.11
Type	feature
Patch	setenv_mf.patch
Description (Full Text)	Have Stunnel set several environment variables that are related to the SSL session, such as the client side certificate.

Author Comments




When stunnel starts a local program, this program has no chance of
getting aware of the certificate used for establishing the SSL
connection. It is fine that it is only started if the client has been
successfully authenticated, but after that, my script needs to know
which certificate was used for this, to distinguish between the
clients.

The attached patch delays the execution of the local program until
after the SSL handshake (unless a protocol must be negotiated), and
sets some environment variables similar to Apache-SSL:

SSL=on
SSL_CIPHER=DES-CBC3-SHA
SSL_KEYSIZE=168
SSL_PROTOCOL_VERSION=SSLv3
SSL_CLIENT_DN=/C=DE/ST=Germany/...
SSL_CLIENT_I_DN=/C=DE/ST=Germany/...

This website makes patches available for use by the Internet community. However it does not endorse any of the patches contained herein. They could be work perfectly, or totally foul up everything. We don't know. Contact the authors if you have any questions. Use at your own risk.

The Stunnel software package does not contain any cryptography itself, however please remember that import and/or export of cryptographic software, code providing hooks to cryptographic algorithms, and discussion about cryptography is illegal in some countries. It is imperative for you to know your local laws governing cryptography. We're not liable for anything you do that violates your local laws.