Article delegate-en/3440 of [1-5169] on the server localhost:119
[Reference:<_A3434@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: SSL between SOCKS-DeleGate (Re: STLS=fsv for SOCKS)
02 Aug 2006 17:13:02 GMT Martin Papadopoulos <payeabdyi-po5c3iyjfbvr.ml@ml.delegate.org>


Hello Yutaka,

The background of my posting may be of interest to you.
I was looking for a way to do user+password authentication on a
generalist, sockmux or socks delegate.
For now I used as best practice an SSL certificate which on the server
side was checked with the -Vrfy parameter. The reason for this is simple,
as the server is publicly accessible, and I don't want any unauthorized
access to arbitrary servers.
So is there a chance of having authorization on master and sockmux
protocol?
For the time being the socks authorization will do the job of course!

thanx for your support.
greetz fly out from germany...

martin papadopoulos

Yutaka Sato wrote:
> Hi,
>
> In message <_A3433@delegate-en.ML_> on 08/02/06(02:15:55) I wrote:
>  |As far as I know, SSL between SOCKS-DeleGate has not been implemented yet
>  |because there has been no such request, and I have a little hesitation over the
>  |specification.  SSL can be applied to the whole of SOCKS protocol or it can
>  |be applied only to the application protocol as the payload.  Maybe it should
>  |follow the convention of STLS in DeleGate-DeleGate connection (by MASTER).
>  |That is, to apply TLS to the whole SOCKS protocol, specify as this:
>  |
>  |  STLS=fsv
>  |
>  |I implemented it in 9.2.4-pre8 and uploaded.  It can be used as this:
>  |
>  |  hosta% delegated -P9999 STLS=fsv SERVER=socks SOCKS=hostb:9999
>  |  hostb% delegated -P9999 STLS=fcl SERVER=socks
>  |
>  |The modification to support STLS=fsv was like the enclosed patch.
>
> I noticed that FTP/PORT command freezes with this SOCKS/SSL because
> STLS=fsv is not applied to the BIND command of SOCKS.
> It'll be fixed as the enclosed patch in the next pre-release.
>
> Cheers,
> Yutaka
> --
>   9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
>  ( ~ )  National Institute of Advanced Industrial Science and Technology
> _<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
> Do the more with the less -- B. Fuller
>
>
> *** ../arc/delegate9.2.4-pre8/src/socks.c	Wed Aug  2 01:13:21 2006
> --- src/socks.c	Wed Aug  2 02:46:30 2006
> ***************
> *** 402,407 ****
> --- 402,417 ----
>   	if( sock < 0 )
>   		return -1;
>   
> + 	if( needSTLS_SV(Conn) ){
> + 		int insertTLS_SV(Connection *Conn,int client,int server);
> + 		int fsv;
> + 		fsv = insertTLS_SV(Conn,ClientSock,sock);
> + 		if( 0 <= fsv ){
> + 			dup2(fsv,sock);
> + 			close(fsv);
> + 		}
> + 	}
> + 
>   	sv->s_sock = sock;
>   	if( socks_bind(Conn,sv,dsthost,dstport,uname,AVStr(rhost),rport) == 0 )
>   		return sock;
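
Review bot: the `if( 0 <= fsv )` test in the added block has no else path, so when needSTLS_SV(Conn) is true but insertTLS_SV() returns a negative value the code falls through and calls socks_bind() on the original, unwrapped socket. If a negative return means the TLS filter could not be inserted, the BIND request would then go out without TLS even though STLS=fsv was requested; consider closing `sock` and returning -1 in that case, or at least logging it. The result of `dup2(fsv,sock)` is also unchecked, and the block-scope prototype for insertTLS_SV would be better placed in a shared header so that its signature is checked against the definition.
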
>
>   



