[stunnel-users] Adding custom HTTP headers to a proxy'ed HTTP request when stunnel is used as an endpoint for a HTTP proxy
Tony Cheneau
2018-09-02 21:18:36 UTC
Good evening folks,

Michal was kind enough to review and rewrite/integrate one of my patches
for logging session IDs [1] and post the remaining ones on the website [2]!

So, I feel I should also contribute to this list a little program I
wrote. It is meant to be used with the exec= directive. It is mostly
useful when stunnel is used to secure a connection between a client and an
HTTP proxy. A stunnel instance can run locally on the client while a
stunnel server runs on the HTTP proxy:

HTTP client (proxy'ed) <-> stunnel client <--> stunnel server <-> HTTP proxy

Here, the "exec=" program will run on the stunnel server and add some
extra headers to each HTTP request. One of these headers is the client's
Distinguished Name (from its X.509 certificate). The HTTP proxy (squid
for example) can then make some decisions based on this HTTP header
(authorisation, etc.).

It relies heavily on PicoHTTPParser.

Regards,
Tony Cheneau

[1]: to appear in version 5.49, see
https://www.stunnel.org/sdf_ChangeLog.html

[2]: patches 0002 and 0003 on https://www.stunnel.org/patches.html
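
The header-rewriting step described in the post, as an added example that is not the author's program and does not use PicoHTTPParser: it drops any copy of the DN header sent by the client before appending the one taken from the verified certificate, so the proxy never authorises on a client-chosen value. The header name `X-Client-DN` and the function name are hypothetical; `SSL_CLIENT_DN` is the environment variable stunnel sets for `exec=` programs, and the sample request and fallback DN are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

#define DN_HEADER "X-Client-DN" /* hypothetical name; the post does not give one */

/* Copy the request head `in` (request line + headers, terminated by CRLF CRLF)
 * into `out`, dropping any client-supplied DN_HEADER and appending one built
 * from `dn`. Returns bytes written, or -1 on malformed input, a DN containing
 * CR/LF, a folded header line, or insufficient space. */
int add_dn_header(const char *in, const char *dn, char *out, size_t cap)
{
    size_t n = 0, hlen = strlen(DN_HEADER);
    const char *end = in ? strstr(in, "\r\n\r\n") : NULL;
    if (!end || !dn || strpbrk(dn, "\r\n"))
        return -1;
    end += 2; /* keep the CRLF that ends the last header line */
    for (const char *p = in; p < end;) {
        const char *eol = strstr(p, "\r\n");
        size_t len = (size_t)(eol - p) + 2;
        int spoofed = p != in && strncasecmp(p, DN_HEADER, hlen) == 0 &&
                      (p[hlen] == ':' || p[hlen] == ' ' || p[hlen] == '\t');
        if (*p == ' ' || *p == '\t')
            return -1; /* obsolete line folding could hide a spoofed value */
        if (!spoofed) {
            if (n + len >= cap)
                return -1;
            memcpy(out + n, p, len);
            n += len;
        }
        p = eol + 2;
    }
    int w = snprintf(out + n, cap - n, DN_HEADER ": %s\r\n\r\n", dn);
    return (w < 0 || (size_t)w >= cap - n) ? -1 : (int)(n + (size_t)w);
}

int main(void)
{
    /* Constructed sample request; the client tries to assert its own DN. */
    const char *req = "GET http://example.test/ HTTP/1.1\r\n"
                      "Host: example.test\r\nX-Client-DN: CN=admin\r\n\r\n";
    const char *dn = getenv("SSL_CLIENT_DN"); /* set by stunnel for exec= */
    char out[512];
    int n = add_dn_header(req, dn ? dn : "CN=alice,O=Example", out, sizeof out);
    if (n < 0) return 1;
    fwrite(out, 1, (size_t)n, stdout);
    return 0;
}
```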