All,

  I have a problem similar to the one described in  http://mirt.net/pipermail/stunnel-users/2006-October/001324.html i.e. I ***wish*** to use the recording functionalities of JMeter while accessing an apache-SSL-secured Tomcat web server.

  JMeter does not allow recording on SSL so I have to ... un-cipher my HTTPS sessions, stunnel looks like the right choice.

  Being an stunnel newbie, I started here: http://www.stunnel.org/examples/https_client.html , this HOWTO looks quite close to my configuration.

  We have a plain-vanilla tomcat server behind an apache/SSL, and I want to access this web application from an HTTP-only browser.

  So, I configure stunnel as a "client", I run it on my PC, with the following configuration:

[psuedo-https]
accept  = 8080
connect = <server>:443
TIMEOUTclose = 0

I read it as follows: stunnel talk cleartext HTTP on the local 8080 port and forwards in crypted HTTPS on the <server> port 443

I set the URL in my browser to  http://localhost:8080/oi/ and this happens:

1) Ethereal sez that my PC and <server> start an SSLv3 conversation, good, we're on track
 
2) I have an HTTP analyzer plugged in my browser that shows me the content of the first GET
    that is a redirect to an SSO server (on the same <server>:443 port) for user authentication

         https://<server>/ssoserver/login?service=......
   
3) My browser then issue a GET to https://<server>/ssoserver/login?service=......
    and is GAME OVER, my beloved stunnel is cleanly bypassed by the
    hardcoded https://<server>/ string

Any suggestion? Is it a dead end?
Any dirty trick I could play with? Such as running multiple stunnel instances, setting <server> = localhost in my hosts file etc.?

Thanks,

                  Ezio

--
Ezio Ostorero, Catania
Seltz e limone col sale. Arriminatu, non annacatu