
List:       stunnel-users
Subject:    [stunnel-users] Patch: Include source IP in connection failure log
From:       Alex Gottschalk <alex.gottschalk () gmail ! com>
Date:       2011-11-23 21:57:12
Message-ID: CAPY8ZqMqb=aLgviDzANxZvioVB3b5k2pZoLiZMK2VN2W+kfqGg () mail ! gmail ! com

I'm setting up an internet-facing server that will be running a
service wrapped with stunnel.  Given that, it made sense to me to use
fail2ban to block repeat connection attempts from clients who don't
have the right certificate (the system is using client-certificate
authentication).  Unfortunately, stunnel4 doesn't put the client
source IP in connection failure log lines, so I made this quick patch
to enable that.

---cut here----
--- src/client.c.orig       2011-10-05 16:47:48.000000000 -0700
+++ src/client.c    2011-10-05 16:50:37.000000000 -0700
@@ -358,10 +358,13 @@
                 continue;
             }
         }
-        if(c->opt->option.client)
+        if(c->opt->option.client) {
             sslerror("SSL_connect");
-        else
-            sslerror("SSL_accept");
+        } else {
+            char buf[255];
+            sprintf(buf, "SSL_accept from %s ", c->accepted_address);
+            sslerror(buf);
+        }
         longjmp(c->err, 1);
     }
     if(SSL_session_reused(c->ssl)) {
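Review bot: The sprintf into char buf[255] in the new else branch has no length bound, and nothing in this hunk shows how long c->accepted_address can be. Use snprintf(buf, sizeof buf, "SSL_accept from %s", c->accepted_address) so the write cannot run past the buffer. The trailing space in the format string "SSL_accept from %s " also looks unintended; dropping it gives a cleaner prefix for a fail2ban regex to match on. The client branch gains braces but no behavioural change, which is fine, though a short comment saying why only the accept path logs the peer address would help later readers.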
----cut here----
_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
http://stunnel.mirt.net/mailman/listinfo/stunnel-users
