Re: [stunnel-users] Re: Connect using TLS with public Web Server
Hi All , it's mandatory for use stunnel wich the infrastructure has client stunnel and server stunnel ?? Or I can have client stunnel vs Web server HTTPS without stunnel server , only web server https . I newbie in stunnel , but i think is mandatory install stunnel in both sites , that's is correct? Regards On 05/03/18 20:23, Carlos Castro wrote:
Thanks @Mike
If possible use Squid + stunnel to solve the problem with host header? The application is very very old .
Thanks
On 05/03/18 20:06, Mike Spooner wrote:
The problem is the "Host: ..." header that is being sent to the remote server. You need to configure 127.0.0.1:19021 as a proxy in your app (and curl) and then have the app (curl) fetch https://ctm.omego.net
Not sure how to do that in curl, but search the curl manpage for any mentions of "proxy".
-- Mike Spooner
--------- Original Message --------- *From*: Carlos Castro *Date*: Mon Mar 05 12:28:15 GMT+00:00 2018 *Subject*: Re: [stunnel-users] Connect using TLS with public Web Server Hello
Thanks @Peter
Yes , my application not support TLS and I need the application connect using TLS , for this i using stunnel (i hope)
When I make curl -v http://127.0.0.1:19021 :
curl -v http://127.0.0.1:19201 * Rebuilt URL to: http://127.0.0.1:19201/ * Trying 127.0.0.1... * Connected to 127.0.0.1 (127.0.0.1) port 19201 (#0)
GET / HTTP/1.1 Host: 127.0.0.1:19201 User-Agent: curl/7.47.0 Accept: */*
* HTTP 1.0, assume close after body < HTTP/1.0 400 Bad Request < Server: AkamaiGHost < Mime-Version: 1.0 < Content-Type: text/html < Content-Length: 208 < Expires: Mon, 05 Mar 2018 12:25:53 GMT < Date: Mon, 05 Mar 2018 12:25:53 GMT < Connection: close
The web ctm.omgeo.net only works in mode HTTPS , .
Thanks Peter
On 05/03/18 13:22, Peter Pentchev wrote:
On Mon, Mar 05, 2018 at 12:32:41PM +0100, Carlos Castro wrote:
Hello ,
Thanks @Peter
I'm trying to configure to connect with my PC to this Public server https://ctm.omgeo.net using TLS1.2 but i don't can.
I'm need setup stunnel for old application doesn't support TLS , and this application need connect with this public server to send data.
I'm using the Peter config , but nothing . I try this config :
[omgeo] client = yes accept = 127.0.0.1:19201 connect = ctm.omgeo.net:443 verify = 2 CApath = /etc/ssl/certs/
I'm using Curl to try connect , I'm recive this error
/etc/ssl/certs# curl -v https://127.0.0.1:19201 Maybe I'm reading this wrong, but if your client application does not support TLS, then it won't speak HTTPS, it would speak plain HTTP. That's what the configuration you're using does - it tells stunnel to run in client mode, i.e. something will connect to stunnel using an unencrypted connection and stunnel will connect to a TLS server (in this case an HTTPS server).
So what happens when you try almost the same query, but with the "http" scheme instead of the "https" one?
curl -v http://127.0.0.1:19201
G'luck, Peter
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
On Tue, Mar 06, 2018 at 09:34:01AM +0100, Carlos Castro wrote:
Hi All , it's mandatory for use stunnel wich the infrastructure has client stunnel and server stunnel ??
No.
Or I can have client stunnel vs Web server HTTPS without stunnel server , only web server https .
Yes; see my other message - this is exactly what you have now, and I believe that you already have it working.
I newbie in stunnel , but i think is mandatory install stunnel in both sites , that's is correct?
No, see above. G'luck, Peter -- Peter Pentchev roam@ringlet.net roam@FreeBSD.org pp@storpool.com PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
participants (2)
-
Carlos Castro -
Peter Pentchev