Hi,
Can I develop an application based on OpenSSL such that it can communicate with all trusted sites? Like a browser can communicate? Actually I have a desktop application that uses SSL. Now this application may communicate with any trusted server application. How can I achieve this?
Thanks,
Zubair
-----Original Message-----
From: stunnel-users-bounces@stunnel.org [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of stunnel-users-request@stunnel.org
Sent: Wednesday, December 21, 2011 9:27 PM
To: stunnel-users@stunnel.org
Subject: stunnel-users Digest, Vol 89, Issue 21
Today's Topics:
1. Re: Configuring VeriSign certificate with STunnel (Michal Trojnara)
2. stunnel segfault, please advise (Mehdi Bennani)
3. Re: Configuring VeriSign certificate with STunnel (Ludovic LEVET)
4. Segfault with stunnel (yassine ayachi)
5. Re: Segfault with stunnel (Scott Damron)
6. unsubscribe (Brian McGinity)
7. Re: Missing bytes? (Arthur Murray)
8. Re: Segfault with stunnel (yassine ayachi)
----------------------------------------------------------------------
Message: 1
Date: Wed, 21 Dec 2011 13:30:45 +0100
From: Michal Trojnara <Michal.Trojnara@mirt.net>
To: stunnel-users@stunnel.org
Subject: Re: [stunnel-users] Configuring VeriSign certificate with STunnel
Message-ID: <f039775ca5efe5be73a2858b88f0ebc2@mirt.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Zubair Ali Mansoor wrote:
> 2011.12.21 13:31:30 LOG3[5144:2256]: SSL_CTX_use_certificate_chain_file: D0680A8: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
I don't think this problem is specific to stunnel: https://encrypted.google.com/search?q=%22ASN1_CHECK_TLEN%3Awrong+tag%22+verisign
Mike
------------------------------
Message: 2
Date: Wed, 21 Dec 2011 07:34:19 -0500
From: Mehdi Bennani <mehdibennani@hotmail.com>
To: stunnel-users@stunnel.org
Subject: [stunnel-users] stunnel segfault, please advise
Message-ID: <SNT134-W33BCBEA69CFD9694C37B7EC3A50@phx.gbl>
Content-Type: text/plain; charset="iso-8859-1"
Hi you guys,
I proposed stunnel as a potential solution to our product about 4-5 months ago and I am in the process of testing a prototype I have built around that proposition. I am using stunnel v. 4.41. I am relatively new to stunnel myself.
The env. is as follows: We are trying to secure an RDP connection from a Java applet running in a web browser into a Windows 2008 server machine behind our firewall. Presently, the Java applet opens up an RDP connection into a machine (I will call it the SSL machine) where Stunnel is presently installed. Stunnel then properly forwards the incoming traffic (from port A) to its final destination (i.e., the Windows Server 2008 machine) on port B. Further, I have configured Stunnel to use an SSL certificate. (Although, I have not been able to test that yet to make sure it works.)
Anyhow, it is all working as expected and I am pretty happy about the proof of concept. However, while testing it a bit, I noticed that it was relatively easy to bring stunnel down. The way I went about it was to simply run a "telnet IP_of_MySSLMachine portA" from any DOS command window from any machine with internet access. From the Stunnel logs, I can tell that I get a response from Stunnel, and on the DOS window side, I have a cursor waiting for input.... Writing any gibberish into that DOS window and waiting a little bit makes stunnel stop and die on the SSL machine. I found nothing in the stunnel log, but grepping in /var/log/, I found the segfault:
sslmahine:/var/log/# grep stunnel messages
kernel: [1996904.624042] stunnel [19696]: segfault at 8 ip b768d361 sp b7601210 error 4 in libc-2.7.so[b7621000+138000]

After another telnet execution, a few days later:

sslmahine:/var/log/# grep stunnel messages
kernel: [4930384.164316] stunnel [14540]: segfault at 8 ip b7629b61 error 6 in libc-2.7.so[b75bd000+138000]
Basically, if I don't issue that telnet command, stunnel works properly. As soon as I issue that command and start typing a few things in that DOS console, stunnel dies. I have to manually restart it.
Question: I was wondering if you guys could shed some light on this behavior. Is it a known behavior/bug? Is there a way to solve it by maybe upgrading to a later version of stunnel? Also, I was thinking of blocking telnet altogether at the firewall level, but then I am not sure what other protocols people could use to hack into the system... so should I block all of them? And, finally, is there a more secure way to set up stunnel?
Thank you in advance
Mehdi/
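
An added triage example (not part of the original posts and not stunnel project code): a Python helper that decodes the two kernel segfault lines quoted in message 2, reporting the faulting offset inside libc and the meaning of the x86 page-fault error code. The function names are assumptions chosen for this example; the sample lines are copied from the message above.

```python
import re

# Kernel segfault line as logged to /var/log/messages. The "sp" field and the
# "in object[base+size]" suffix are optional (the second sample has no sp).
SEGV = re.compile(
    r"(?P<comm>\S+)\s*\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+)(?: sp (?P<sp>[0-9a-f]+))? error (?P<err>\d+)"
    r"(?: in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

# The two lines quoted in the message above.
SAMPLE_LINES = [
    "kernel: [1996904.624042] stunnel [19696]: segfault at 8 ip b768d361 "
    "sp b7601210 error 4 in libc-2.7.so[b7621000+138000]",
    "kernel: [4930384.164316] stunnel [14540]: segfault at 8 ip b7629b61 "
    "error 6 in libc-2.7.so[b75bd000+138000]",
]

def decode_error(code):
    """Decode the x86 page-fault error code bits printed after 'error'."""
    return {
        "cause": "protection violation" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
    }

def triage(line):
    """Return a dict describing one segfault line, or None if it is not one."""
    m = SEGV.search(line)
    if not m:
        return None
    addr, ip = int(m["addr"], 16), int(m["ip"], 16)
    out = {"comm": m["comm"], "pid": int(m["pid"]), "fault_addr": addr,
           # A fault address inside the first page points to a NULL-based access.
           "near_null": addr < 0x1000, **decode_error(int(m["err"]))}
    if m["obj"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        out["object"] = m["obj"]
        # The offset into the mapping is stable across runs even though the
        # load address (ASLR) differs, so it can be compared between crashes.
        out["offset"] = ip - base if base <= ip < base + size else None
    return out

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        r = triage(line)
        print(f"{r['comm']}[{r['pid']}] {r['mode']} {r['access']} at "
              f"{r['fault_addr']:#x} in {r['object']}+{r['offset']:#x}")
```

Both crashes are accesses to address 8 from user mode at nearby libc offsets, which is the kind of detail worth including in a bug report alongside the stunnel and libc versions.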