Hi all,
Is it mandatory, to use stunnel, that the infrastructure has a client stunnel and a server stunnel?

Or can I have a client stunnel against an HTTPS web server without a stunnel server, only the HTTPS web server?

I'm a newbie in stunnel, but I think it is mandatory to install stunnel on both sites, is that correct?

Regards


On 05/03/18 20:23, Carlos Castro wrote:

Thanks @Mike

Is it possible to use Squid + stunnel to solve the problem with the Host header? The application is very, very old.

Thanks


On 05/03/18 20:06, Mike Spooner wrote:

The problem is the "Host: ..." header that is being sent to the remote server. You need to configure 127.0.0.1:19021 as a proxy in your app (and curl) and then have the app (curl) fetch https://ctm.omego.net


Not sure how to do that in curl, but search the curl manpage for any mentions of "proxy".

-- Mike Spooner

--------- Original Message ---------
From: Carlos Castro
Date: Mon Mar 05 12:28:15 GMT+00:00 2018
Subject: Re: [stunnel-users] Connect using TLS with public Web Server
Hello

Thanks @Peter


Yes, my application does not support TLS and I need the application to connect
using TLS; for this I am using stunnel (I hope).

When I run curl -v http://127.0.0.1:19021 :

curl -v http://127.0.0.1:19201
* Rebuilt URL to: http://127.0.0.1:19201/
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 19201 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1:19201
> User-Agent: curl/7.47.0
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 400 Bad Request
< Server: AkamaiGHost
< Mime-Version: 1.0
< Content-Type: text/html
< Content-Length: 208
< Expires: Mon, 05 Mar 2018 12:25:53 GMT
< Date: Mon, 05 Mar 2018 12:25:53 GMT
< Connection: close

The website ctm.omgeo.net only works in HTTPS mode.

Thanks Peter


On 05/03/18 13:22, Peter Pentchev wrote:
> On Mon, Mar 05, 2018 at 12:32:41PM +0100, Carlos Castro wrote:
>> Hello ,
>>
>> Thanks @Peter
>>
>> I'm trying to configure a connection from my PC to this public server
>> https://ctm.omgeo.net using TLS 1.2, but I can't.
>>
>> I need to set up stunnel for an old application that doesn't support TLS, and this
>> application needs to connect to this public server to send data.
>>
>>
>> I'm using Peter's config, but nothing. I tried this config:
>>
>> [omgeo]
>> client = yes
>> accept = 127.0.0.1:19201
>> connect = ctm.omgeo.net:443
>> verify = 2
>> CApath = /etc/ssl/certs/
>>
>>
>> I'm using curl to try to connect, and I receive this error:
>>
>> /etc/ssl/certs# curl -v https://127.0.0.1:19201
> Maybe I'm reading this wrong, but if your client application does not
> support TLS, then it won't speak HTTPS, it would speak plain HTTP.
> That's what the configuration you're using does - it tells stunnel to
> run in client mode, i.e. something will connect to stunnel using
> an unencrypted connection and stunnel will connect to a TLS server
> (in this case an HTTPS server).
>
> So what happens when you try almost the same query, but with the "http"
> scheme instead of the "https" one?
>
> curl -v http://127.0.0.1:19201
>
> G'luck,
> Peter
>

_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
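
The client-only setup discussed in this thread, as an added example that is not from any of the posters or from the stunnel project: one stunnel service in client mode pointed directly at the public HTTPS server, with nothing installed on the server side. The `sni`, `verifyChain`, `checkHost` and `sslVersion` lines are additions to the configuration quoted above, and the closing comment shows a request that carries the remote site's name in the Host header instead of 127.0.0.1:19201.

```ini
; Added example: client-side stunnel only. The remote end is an ordinary
; HTTPS web server, so no stunnel runs there.
[omgeo]
client = yes

; Plain-HTTP side: the legacy application connects here without TLS.
; Bound to loopback so the unencrypted hop never leaves the machine.
accept = 127.0.0.1:19201

; TLS side: stunnel opens the encrypted connection to the public server.
connect = ctm.omgeo.net:443

; Send the server name in the TLS handshake (SNI).
sni = ctm.omgeo.net

; Validate the certificate chain against the local CA directory ...
verifyChain = yes
CApath = /etc/ssl/certs/

; ... and require the certificate to be issued for this host name.
; Chain validation alone does not compare the name in the certificate.
checkHost = ctm.omgeo.net

; Restrict the handshake to the protocol version asked for in the thread.
sslVersion = TLSv1.2

; stunnel forwards the HTTP bytes unchanged, so the Host header is whatever
; the client wrote. A request that names the remote site looks like this:
;   curl -v -H "Host: ctm.omgeo.net" http://127.0.0.1:19201/
```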