I must appologize for the short explanation but I am running short in time. I adapted the "connect-proxy_savardd.patch" to stunnel-4.05. Thanks to the great work of Daniel Savard. After the adaption the proxy functionality was not working. This was because the introduced method "connect_to_finaldest" was not called in a special return case of the method "connect_remote". This special case is entered when working with OS Windows as I can read from the code comments. So I fixed the problem and added an additional call of "connect_to_finaldest" to send the http "connect..." stuff before doing ssl handshake. Please oversea some formatting differences. They come from lots of log lines I've added temporarily for debugging purposes. I found it useful to add "Proxy-connection: Keep-Alive" and "Pragma: no-cache" to the connect string sent to the proxy. This results in not caching the ssl data transfered and in keeping the connection alive between calls. Both options could be made configurable within the stunnel config file. Feel free to add this functionality. !!!! Important !!!! The only scenario I've tested with the proxy functionality is: MSIE with http -> stunnel on local host -> proxy -> https service in the internet !!!!Important!!!! Please feel free to do more tests and probably fix some more bugs :-)) Have fun! Kind Regards Matthias ------ Date: Sat, 24 Apr 2004 14:12:38 +0200 From: Matthias Wald Subject: connect proxy patch adapted to be more standard conform Hi, I have changed again the proxy connection string to be more standard conform. Therefore the "Host:" and "Content-Length:" options have been added. Testing reveiled that a lot of proxies rejected the connection when this options are missing. Remember that still "HTTP/1.0" is sent for backwards compatibility where in fact the request now is HTTP 1.1 conform. The header beeing sent looks now like: CONNECT : HTTP/1.0 Host: : Content-Length: 0 Proxy-Authorization: Basic User-Agent: Proxy-Connection: Keep-Alive Pragma: no-cache Regards Matthias