Hi All,
Based on the inputs from Mr.Avila, I was able to fix the issue.
Now I am able to connect to the device from the web browser using HTTPS.
Thanks all of you...
Regards, Siva
On Tue, Jan 13, 2015 at 8:03 PM, Leandro Avila leandro.avila@ymail.com wrote:
Hello,
Looks like you got the hard part done (cross compiling etc)
- You don't need to run stunnel on the client machine. You will use your
web browser and your browser will handle the TLS connection 2. In your case you only need a stunnel instance running as a server on the linux device. Your stunnel.conf will look something like
[https] client = no
accept = 443 connect = 127.0.0.1:80
The above configures stunel as a server, listening for connections on all interfaces port 443 and connecting to localhost port 80
- I'm not sure what you mean by "the device and the machine can have any
random IP and port"
- You mean if both devices get a dhcp assigned ip? In that case the above
config should work, because it listens in all available IPs
- The port portion there are defined ports for http (port 80) and https
(port 443) that should be it for the server unless your application is different. On the client side you don't need to worry about the port
- Stunnel will provide the SSL/TLS encapsulation to your http connection.
So in that regard is a solution. Other times people might opt for using a http server that supports SSL/TLS natively, but you are working on embedded systems so there are contraints there.
This is an alternative for instance.
http://acme.com/software/mini_httpd/
Hope this helps, feel free to ask more questions
Leandro Avila
On Tuesday, January 13, 2015 6:57 AM, Siva Kumar < sivakumar.s.k.k@gmail.com> wrote:
Hi All,
I am fairly new to stunnel and also to the networking concepts.
Currently we are working on a surveillance device running on monta vista
linux on the ARM11 architecture. We have crossed compiled and deployed a THTTPD server which is working fine. Once you connect to the device using any of the web client (from a windows PC), it will take you to a web page where you can select and stream live video's from all the camera's connected to the device. So far everything is working fine now..
Now the real problem is that we need to support https as well along with
http. Since THTTPD web server doesn't support secure connection we thought we would accomplish that using the stunnel application. We were able to download and cross compile the stunnel application for the device.
Now the doubts I have here is:-
- Do we need a stunnel server application running on the windows PC from
where we will be using the web browser to connect to the client?
- Where should be the stunnel server and stunnel client be running. I
mean should the linux device be running the stunnel client and the windows PC be running the stunnel server? In that case what should be the correct accept and connect parameters in the stunnel.conf file in both the device and the windows PC?
- Since the device and the machine can have any random IP and port, so
is it feasible to dynamically set the accept and connect parameters in the stunnel.conf file?
- Can the stunnel be considered as a solution to the problem which I
have reported here. The point 3 above makes me thing otherwise.
I have tried all combinations mentioned in the point 1 and 2 without
success. In none of the case my web browser was able to talk to the device using HTTPS (ie https://my_device_ip). I could see a "client hello" request from the browser to which the client sends an ACK and RST. In some combination an HTTPS request from the browser only triggered a TCP connection request for which the client responded with ACK and RST.
Sorry for the long mail. Any inputs would be deeply appreciated.
Regards, Siva _______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users