File: TODO

stunnel4 3:5.50-3
  • area: main
  • in suites: buster
stunnel TODO


High priority features.  They will likely be supported some day.
A sponsor could allocate my time to get them faster.
* Extend session tickets and/or sessiond to also serialize application
  data ("redirect" state and session persistence).
* Add client certificate autoselection based on the list of accepted issuers:
  SSL_CTX_set_client_cert_cb(), SSL_get_client_CA_list().
* Add an AppArmor profile.
* Optional line-buffering of the log file.
* Log rotation on Windows.
* Configuration file option to limit the number of concurrent connections.
* Command-line server control interface on both Unix and Windows.
* Separate GUI process running as the current user on Windows.
* An Android GUI.
* OCSP stapling (tlsext_status).
* Indirect CRL support (RFC 3280, section 5).
* Provide 64-bit Windows builds (besides 32-bit builds).
  This requires either Microsoft Visual Studio Standard Edition or Microsoft
  Visual Studio Professional Edition in order to retain FIPS compliance.
* MSI installer for Windows.
* Add user-defined headers to CONNECT proxy requests.
  This can be used to impersonate other software (e.g. web browsers).

Low priority features.  They are unlikely ever to be supported.
* Database and/or directory interface for retrieving PSK secrets.
* Support static FIPS-enabled build.
* Service-level logging destination.
* Enforce key renegotiation (re-handshake) for long connections.
* Logging to NT EventLog on Windows.
* Internationalization of logged messages (i18n).
* Generic scripting engine instead of static protocol.c.
* Add 'leastconn' failover strategy to order defined 'connect' targets
  by the number of active connections.
* Add '-status' command line option reporting the number of clients
  connected to each service.

Features I won't support, unless convinced otherwise by a wealthy sponsor.
* Support for adding X-Forwarded-For to HTTP request headers.
  This feature is less useful since PROXY protocol support is available.
* Support for adding X-Forwarded-For to SMTP email headers.
  This feature is most likely to be implemented as a separate proxy.
* Additional certificate checks (including wildcard comparison) based on:
  - O (Organization), and
  - OU (Organizational Unit).
* Set the process title that appears in the ps(1) and top(1) commands.
  I could not find a portable *and* non-copyleft library for it.