Date: Thu, 2 Aug 2001 19:24:50 +0200
From: Petr Vandrovec <vandrove@vc.cvut.cz>
Subject: [PATCH] stunnel 3.18 and out of band data

Hi,
   current stunnel version (and probably all which understand SO_OOBINLINE)
has problem that OOB data written by some application into stream are
delivered to the application on other end of wire as standard inline data.
This causes severe screwup for example for Oracle sqlnet connections,
as sqlnet synchronization is lost and connection is killed by server
due to invalid incoming data.

   Because of stunnel does not use any protocol on the top of SSL stream,
it looks to me that it is impossible to deliver OOB data to the other
end of tunnel correctly as OOB.

   But because of it is possible that some apps can survive even OOB data
incoming in non-OOB stream (I do not know such, but I'm sure that OOBINLINE
code is in ssl.c for some reason...), I wrote patch below which adds
option '-O'. When this option is specified, OOB data are ignored by
stunnel. If '-O' is not specified, code behaves as older version did -
when machine supports OOBINLINE, OOB data are passed inline, otherwise
they are ignored.
                                        Thanks,
                                                Petr Vandrovec