On Mon, Mar 05, 2018 at 01:28:15PM +0100, Carlos Castro wrote:
Hello
Thanks @Peter
Yes , my application not support TLS and I need the application connect using TLS , for this i using stunnel (i hope)
When I make curl -v http://127.0.0.1:19021%C2%A0 :
curl -v http://127.0.0.1:19201
- Rebuilt URL to: http://127.0.0.1:19201/
* Trying 127.0.0.1...
- Connected to 127.0.0.1 (127.0.0.1) port 19201 (#0)
GET / HTTP/1.1 Host: 127.0.0.1:19201 User-Agent: curl/7.47.0 Accept: */*
- HTTP 1.0, assume close after body
< HTTP/1.0 400 Bad Request < Server: AkamaiGHost < Mime-Version: 1.0 < Content-Type: text/html < Content-Length: 208 < Expires: Mon, 05 Mar 2018 12:25:53 GMT < Date: Mon, 05 Mar 2018 12:25:53 GMT < Connection: close
The web ctm.omgeo.net only works in mode HTTPS , .
TL;DR: can you actually try your application with this stunnel config?
Yes, that's why you have stunnel - it will accept a pure HTTP connection from your application (or, in this case, from cURL), and then it will open a TLS (HTTPS) connection to ctm.omgeo.net.
Actually, the "HTTP/1.0 400 Bad Request" response that you get shows that stunnel already works: the request to ctm.omgeo.net is sent via HTTPS, not plain HTTP. If you try to send a plain HTTP request to ctm.omgeo.net port 443, cURL will report a very different error:
[roam@straylight ~]$ curl -v http://ctm.omgeo.net:443/ * Trying 88.221.30.124... * TCP_NODELAY set * Connected to ctm.omgeo.net (88.221.30.124) port 443 (#0)
GET / HTTP/1.1 Host: ctm.omgeo.net:443 User-Agent: curl/7.58.0 Accept: */*
* Recv failure: Connection reset by peer * stopped the pause stream! * Closing connection 0 curl: (56) Recv failure: Connection reset by peer [roam@straylight ~]$
This happens because ctm.omgeo.net expects a TLS Client Hello message on an incoming connection, and cURL sends it a plaintext HTTP request, so ctm.omgeo.net says "this is not TLS, you must speak TLS to me, go away".
So I guess that the "400 Bad Request" response you get from ctm.omgeo.net means that 1. you have successfully sent a request to it and it considered it to be an HTTP request, and 2. it expected the application to send it a specific request, not just a "GET /", so it said "GET / is not a valid request for me, but thanks for speaking HTTPS". So it's time to test your actual application now; configure it to talk to 127.0.0.1:19201 and see what happens.
If anything goes wrong, show us the stunnel log.
Hope that helps!
G'luck, Peter