53 lines
2.5 KiB
Plaintext
53 lines
2.5 KiB
Plaintext
stunnel TODO
|
|
|
|
|
|
High priority features. They will likely be supported some day.
|
|
A sponsor could allocate my time to get them faster.
|
|
* Add client certificate autoselection based on the list of accepted issuers:
|
|
SSL_CTX_set_client_cert_cb(), SSL_get_client_CA_list().
|
|
* Add an Apparmor profile.
|
|
* Optional line-buffering of the log file.
|
|
* Log rotation on Windows.
|
|
* Configuration file option to limit the number of concurrent connections.
|
|
* Implement reference counting of the SERVICE_OPTIONS structure
|
|
- Add 'leastconn' failover strategy to order defined 'connect' targets
|
|
by the number of active connections.
|
|
- Add '-status' command line option reporting the number of clients
|
|
connected to each service.
|
|
- Deallocate SERVICE_OPTIONS structure when the configuration file
|
|
is reloaded *and* old connections are closed.
|
|
* Command-line server control interface on both Unix and Windows.
|
|
* Separate GUI process running as the current user on Windows.
|
|
* An Android GUI.
|
|
* OCSP stapling (tlsext_status).
|
|
* Extend session tickets and/or sessiond to also serialize application
|
|
data ("redirect" state and session persistence).
|
|
* Indirect CRL support (RFC 3280, section 5).
|
|
* Provide 64-bit Windows builds (besides 32-bit builds).
|
|
This requires either Microsoft Visual Studio Standard Edition or Microsoft
|
|
Visual Studio Professional Edition in order to retain FIPS compliance.
|
|
* MSI installer for Windows.
|
|
* Add user-defined headers to CONNECT proxy requests.
|
|
This can be used to impersonate other software (e.g. web browsers).
|
|
|
|
Low priority features. They will unlikely ever be supported.
|
|
* Database and/or directory interface for retrieving PSK secrets.
|
|
* Support static FIPS-enabled build.
|
|
* Service-level logging destination.
|
|
* Enforce key renegotiation (re-handshake) for long connections.
|
|
* Logging to NT EventLog on Windows.
|
|
* Internationalization of logged messages (i18n).
|
|
* Generic scripting engine instead or static protocol.c.
|
|
|
|
Features I won't support, unless convinced otherwise by a wealthy sponsor.
|
|
* Support for adding X-Forwarded-For to HTTP request headers.
|
|
This feature is less useful since PROXY protocol support is available.
|
|
* Support for adding X-Forwarded-For to SMTP email headers.
|
|
This feature is most likely to be implemented as a separate proxy.
|
|
* Additional certificate checks (including wildcard comparison) based on:
|
|
- O (Organization), and
|
|
- OU (Organizational Unit).
|
|
* Set processes title that appear on the ps(1) and top(1) commands.
|
|
I could not find a portable *and* non-copyleft library for it.
|
|
|