All,
I have a problem similar to the one described in http://mirt.net/pipermail/stunnel-users/2006-October/001324.html
i.e. I ***wish*** to use the recording functionalities of JMeter while accessing an apache-SSL-secured Tomcat web server.
JMeter does not allow recording on SSL, so I have to ... un-cipher my HTTPS sessions; stunnel looks like the right choice.
Being an stunnel newbie, I started here:
http://www.stunnel.org/examples/https_client.html ; this HOWTO looks quite close to my configuration.
We have a plain-vanilla tomcat server behind an apache/SSL, and I want to access this web application from an HTTP-only browser.
So, I configure stunnel as a "client", I run it on my PC, with the following configuration:
[psuedo-https]
accept = 8080
connect = <server>:443
TIMEOUTclose = 0
I read it as follows: stunnel talks cleartext HTTP on the local 8080 port and forwards in encrypted HTTPS on the <server> port 443.
I set the URL in my browser to http://localhost:8080/oi/ and this happens:
1) Ethereal sez that my PC and <server> start an SSLv3 conversation, good, we're on track
2) I have an HTTP analyzer plugged in my browser that shows me the content of the first GET
that is a redirect to an SSO server (on the same <server>:443 port) for user authentication
https://<server>/ssoserver/login?service=......
3) My browser then issues a GET to https://<server>/ssoserver/login?service=......
and it is GAME OVER, my beloved stunnel is cleanly bypassed by the
hardcoded https://<server>/ string
Any suggestion? Is it a dead end?
Any dirty trick I could play with? Such as running multiple stunnel instances, setting <server> = localhost in my hosts file etc.?
Thanks,
Ezio
--
Ezio Ostorero, Catania
Seltzer and lemon with salt. Stirred, not shaken
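
Added example, not part of the original post: a Python check that classifies the redirects described in steps 2 and 3 above, showing which Location headers stay on the local stunnel listener and which point straight at the TLS endpoint. The host name app.example.test (standing in for <server>), the function names and the sample responses are constructed for illustration.

```python
from urllib.parse import urlsplit, urljoin

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample responses; app.example.test stands in for <server>.
SAMPLE_ABSOLUTE = (b"HTTP/1.1 302 Found\r\n"
                   b"Location: https://app.example.test/ssoserver/login?service=constructed\r\n"
                   b"Content-Length: 0\r\n\r\n")
SAMPLE_RELATIVE = b"HTTP/1.1 302 Found\r\nlocation: /oi/index.jsp\r\n\r\n"

def parse_location(raw_response):
    """Return (status_code, Location value or None) from a raw HTTP response."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":  # header names are case-insensitive
            return status, value.strip()
    return status, None

def _endpoint(parts):
    """(scheme, host, port) with the scheme's default port filled in."""
    return parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme)

def classify_redirect(raw_response, request_url, local_base,
                      upstream_host, upstream_port=443):
    """Classify a redirect received through a local stunnel client listener.

    local_base is the cleartext 'accept' side (e.g. http://localhost:8080);
    upstream_host/upstream_port is the 'connect' target.
    Returns (verdict, url): no-redirect, in-tunnel, bypasses-tunnel or other-host.
    """
    status, location = parse_location(raw_response)
    if location is None or not 300 <= status < 400:
        return "no-redirect", None
    target = urlsplit(urljoin(request_url, location))  # resolves relative Locations
    if _endpoint(target) == _endpoint(urlsplit(local_base)):
        return "in-tunnel", target.geturl()
    if _endpoint(target) == ("https", upstream_host.lower(), upstream_port):
        # Absolute URL naming the TLS endpoint: the browser connects to it
        # directly, so nothing on the cleartext side sees the request.
        via = local_base.rstrip("/") + (target.path or "/")
        if target.query:
            via += "?" + target.query
        return "bypasses-tunnel", via  # same resource addressed via the listener
    return "other-host", target.geturl()
```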