| stunnel TODO |
| |
| |
| High priority features. They will likely be supported some day. |
| A sponsor could allocate my time to get them faster. |
| * Add an Apparmor profile. |
| * Optional line-buffering of the log file. |
| * Log rotation on Windows. |
| * Configuration file option to limit the number of concurrent connections. |
| * Implement reference counting of the SERVICE_OPTIONS structure |
| - Add 'leastconn' failover strategy to order defined 'connect' targets |
| by the number of active connections. |
| - Add '-status' command line option reporting the number of clients |
| connected to each service. |
| - Deallocate SERVICE_OPTIONS structure when the configuration file |
| is reloaded *and* old connections are closed. |
| * Command-line server control interface on both Unix and Windows. |
| * Separate GUI process running as current user on Windows. |
| * An Android GUI. |
| * Indirect CRL support (RFC 3280, section 5). |
| * Provide 64-bit Windows builds (besides 32-bit builds). |
| This requires either Microsoft Visual Studio Standard Edition or Microsoft |
| Visual Studio Professional Edition in order to retain FIPS compliance. |
| * MSI installer for Windows. |
| * Database and/or directory interface for retrieving PSK secrets. |
| * Extend session tickets and/or sessiond to also serialize |
| application data ("redirect" state and session persistence). |
| * Add user-defined headers to proxy requests in order to impersonate |
| other software (e.g. web browsers). |
| |
| Low priority features. They will unlikely ever be supported. |
| * Support static FIPS-enabled build. |
| * Service-level logging destination. |
| * Enforce key renegotiation (re-handshake) for long connections. |
| * Logging to NT EventLog on Windows. |
| * Internationalization of logged messages (i18n). |
| * Generic scripting engine instead or static protocol.c. |
| |
| Features I won't support, unless convinced otherwise by a wealthy sponsor. |
| * Support for adding X-Forwarded-For to HTTP request headers. |
| This feature is less useful since PROXY protocol support is available. |
| * Support for adding X-Forwarded-For to SMTP email headers. |
| This feature is most likely to be implemented as a separate proxy. |
| * Additional certificate checks (including wildcard comparison) based on: |
| - O (Organization), and |
| - OU (Organizational Unit). |
| * Set processes title that appear on the ps(1) and top(1) commands. |
| I could not find a portable *and* non-copyleft library for it. |
| |