it still doesnt seem to work. i tried it with deviantart.com again. configuration: client = yes accept = 127.0.0.1:80 connect = 52.85.220.247:443 verifyChain = yes CAfile = ca-certs.pem checkHost = *.deviantart.com
the name after checkHost is the "Common Name" displayed when viewing the site's certificate in a browser(lock icon, view certificate). i also saved the certificate in case i would need to try the "certificate pinning" method. the connect IP is what 'get-site-ip.com' says the IP of the website is.
these are the logs: Service [fbsd-www] accepted connection from 127.0.0.1:4121 s_connect: connected 52.85.220.247:443 Service [fbsd-www] connected remote server from 192.168.0.3:4122 SSL_connect: 14077410: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
i know i pestered everyone long enough, but i still havent been able to connect to anything. without any verification its the same
On 12/21/18, Javier jamilist.stn@gmx.es wrote:
On Fri, 21 Dec 2018 13:58:35 +0200 Peter Pentchev roam@ringlet.net wrote:
Hm, there's no reason why stunnel would not work like that for a predetermined set of hosts with known addresses.
Hi,
I'm just trying to avoid encouraging him on keep with his first idea of browsing through Stunnel, with, or without privoxy.
Of course one site, one connection would work, if we forget about secondary issues and..., nevermind...
I give up :D
Regards.
stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users