Hello dear community.<div><div><br>I have run into some trouble with the iPhone:<br>I moved a separate server from
hardware to the AWS cloud with an SSL certificate from Register.com. It moved well,
and the phone application continued to work with the new server without any
problems.<br>
Then I installed a load balancer (HAProxy and stunnel) for it and moved the certificate
with its key from the Apache config to the stunnel config. In a PC browser it
continues to work well, and shows me a blue field near the URL as trusted.
But the iPhone browser shows just "Untrusted server certificate". <br>
Is there any difference between an SSL certificate for stunnel and one for Apache?<br>I understand that this is a very specific question, but would you have any ideas about it?<br><br></div></div><b>Config of stunnel:</b><br><div style="margin-left: 40px;">
cert = /usr/local/etc/stunnel/stunnel.pem<br>chroot = /usr/local/var/lib/stunnel/<br>setuid = nobody<br>setgid = nobody<br>pid = /stunnel.pid<br>socket = l:TCP_NODELAY=1<br>socket = r:TCP_NODELAY=1<br>debug = 7<br>output = stunnel.log<br>
<br>[https]<br>accept = 443<br>connect = 80<br>xforwardedfor=yes<br>TIMEOUTclose = 0<br></div><br><b>Patch for stunnel</b><br><a href="http://haproxy.1wt.eu/download/patches/stunnel-4.22-xforwarded-for.diff" target="_blank">http://haproxy.1wt.eu/download/patches/stunnel-4.22-xforwarded-for.diff</a><br>
needed to make "xforwardedfor=yes" work<br><br><b># stunnel -version</b><br><div style="margin-left: 40px;">
stunnel 4.22 on i686-pc-linux-gnu with OpenSSL 0.9.8b 04 May 2006<br>Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP<br><br>Global options<br>debug = 5<br>pid = /usr/local/var/run/stunnel/stunnel.pid<br>
RNDbytes = 64<br>RNDfile = /dev/urandom<br>RNDoverwrite = yes<br><br>Service-level options<br>cert = /usr/local/etc/stunnel/stunnel.pem<br>ciphers = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH<br>
key = /usr/local/etc/stunnel/stunnel.pem<br>session = 300 seconds<br>stack = 65536 bytes<br>sslVersion = SSLv3 for client, all for server<br>TIMEOUTbusy = 300 seconds<br>TIMEOUTclose = 60 seconds<br>
TIMEOUTconnect = 10 seconds<br>TIMEOUTidle = 43200 seconds<br>verify = none<br></div><b><br># uname -a</b><br><div style="margin-left: 40px;">Linux domU-12-31-38-00-35-07 2.6.18-xenU-ec2-v1.0 #2 SMP Tue Feb 19 10:51:53 EST 2008 i686 athlon i386 GNU/Linux<br>
</div><b><br># openssl version</b><br><div style="margin-left: 40px;">OpenSSL 0.9.8b 04 May 2006<br></div><div><div><br><b>And logs from stunnel when the iPhone tried to connect</b><br><div style="margin-left: 40px;">2009.08.04 08:20:16 LOG7[31023:3081598672]: https accepted FD=15 from 24.5.77.143:58019<br>
2009.08.04 08:20:16 LOG7[31023:3081550736]: https started<br>2009.08.04 08:20:16 LOG7[31023:3081550736]: FD 15 in non-blocking mode<br>2009.08.04 08:20:16 LOG7[31023:3081550736]: TCP_NODELAY option set on local socket<br>
2009.08.04 08:20:16 LOG7[31023:3081550736]: Waiting for a libwrap process<br>2009.08.04 08:20:16 LOG7[31023:3081550736]: Acquired libwrap process #0<br>2009.08.04 08:20:16 LOG7[31023:3081550736]: Releasing libwrap process #0<br>
2009.08.04 08:20:16 LOG7[31023:3081550736]: Released libwrap process #0<br>2009.08.04 08:20:16 LOG7[31023:3081550736]: https permitted by libwrap from 24.5.77.143:58019<br>2009.08.04 08:20:16 LOG5[31023:3081550736]: https accepted connection from 24.5.77.143:58019<br>
2009.08.04 08:20:16 LOG7[31023:3081550736]: SSL state (accept): before/accept initialization<br>2009.08.04 08:20:16 LOG7[31023:3081550736]: SSL state (accept): SSLv3 read client hello A<br>2009.08.04 08:20:16 LOG7[31023:3081550736]: SSL state (accept): SSLv3 write server hello A<br>
2009.08.04 08:20:16 LOG7[31023:3081550736]: SSL state (accept): SSLv3 write certificate A<br>2009.08.04 08:20:16 LOG7[31023:3081550736]: SSL state (accept): SSLv3 write server done A<br>2009.08.04 08:20:16 LOG7[31023:3081550736]: SSL state (accept): SSLv3 flush data<br>
2009.08.04 08:20:16 LOG3[31023:3081550736]: SSL_accept: Peer suddenly disconnected<br>2009.08.04 08:20:16 LOG5[31023:3081550736]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket<br>2009.08.04 08:20:16 LOG7[31023:3081550736]: https finished (0 left)<br>
</div><br><br>Thank you in advance,<br>Max
</div></div>
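An added example, not part of the original post: a small Python triage of stunnel debug logs like the one above, reporting how far each server-side handshake got before SSL_accept failed. The function name and the sample (adapted from the post's log, with a documentation address in place of the client's) are assumptions made for illustration.

```python
import re

# stunnel debug line: "2009.08.04 08:20:16 LOG7[pid:tid]: message"
LINE_RE = re.compile(r"^(\S+ \S+) LOG\d\[\d+:(\d+)\]: (.*)$")
STATE_PREFIX = "SSL state (accept): "

# Constructed sample, adapted from the log in the post; the client address
# is replaced with a documentation address.
SAMPLE_LOG = """\
2009.08.04 08:20:16 LOG5[31023:3081550736]: https accepted connection from 192.0.2.10:58019
2009.08.04 08:20:16 LOG7[31023:3081550736]: SSL state (accept): SSLv3 read client hello A
2009.08.04 08:20:16 LOG7[31023:3081550736]: SSL state (accept): SSLv3 write server hello A
2009.08.04 08:20:16 LOG7[31023:3081550736]: SSL state (accept): SSLv3 write certificate A
2009.08.04 08:20:16 LOG7[31023:3081550736]: SSL state (accept): SSLv3 write server done A
2009.08.04 08:20:16 LOG7[31023:3081550736]: SSL state (accept): SSLv3 flush data
2009.08.04 08:20:16 LOG3[31023:3081550736]: SSL_accept: Peer suddenly disconnected
"""


def failed_handshakes(log_text):
    """Return one dict per SSL_accept failure with the states reached first."""
    states, peers, failures = {}, {}, []   # states/peers are keyed by thread id
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when, tid, msg = m.groups()
        if "accepted connection from " in msg:
            peers[tid] = msg.rsplit(" ", 1)[1]
            states[tid] = []               # new connection on this thread
        elif msg.startswith(STATE_PREFIX):
            states.setdefault(tid, []).append(msg[len(STATE_PREFIX):])
        elif msg.startswith("SSL_accept:"):
            seen = states.get(tid, [])
            sent_cert = any("write certificate" in s for s in seen)
            got_kx = any("read client key exchange" in s for s in seen)
            failures.append({
                "time": when,
                "peer": peers.get(tid, "unknown"),
                "error": msg.split(":", 1)[1].strip(),
                "last_state": seen[-1] if seen else None,
                # Certificate flight sent, but no ClientKeyExchange came back.
                "client_quit_after_cert": sent_cert and not got_kx,
            })
    return failures


if __name__ == "__main__":
    for failure in failed_handshakes(SAMPLE_LOG):
        print(failure)
```

In the post's log the handshake stops right after the server's certificate flight, which is consistent with the client rejecting the certificate; the log alone does not say why it was rejected.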