Perfect! That did the trick!!!
Thank you for your time
Regards
On Thu, Jan 13, 2011 at 3:00 PM, josealf@rocketmail.com wrote:
Maybe your curl client is trying to negotiate SSLv2... Did you try adding --sslv3 to the command line? OpenSSL FIPS disables SSLv2.

-----Original Message-----
From: Gabriel Sosa sosagabriel@gmail.com
Sender: stunnel-users-bounces@mirt.net
Date: Thu, 13 Jan 2011 01:39:15
To: stunnel-users@mirt.net
Subject: [stunnel-users] Problem with a signed certificate by CA and curl/wget
hello,
I bought an SSL certificate from Thawte and installed it in stunnel.
When I go to the site with any browser, the SSL connection is established without any issue; however, when I try to call a URL using curl or wget, I'm not able to download the content.
Here is the output of curl/wget:
[root@www ~]$ curl https://secure.example.com/test.php
curl: (35) Unknown SSL protocol error in connection to secure.example.com:443
[root@www1 ~]$ wget https://secure.example.com/test.php
--23:27:15-- https://secure.example.com/test.php
Resolving secure.example.com... xxx.xxx.xxx.xxx
Connecting to secure.example.com|xxx.xxx.xxx.xxx|:443... connected.
Unable to establish SSL connection.
[root@www ~]$
my stunnel config file looks like
;setuid=nobody
;setgid=nobody
fips=no

pid=/var/run/stunnel.pid
debug=3
output=/var/log/stunnel.log
cert=/etc/ssl/certs/stunnel.pem
CAfile=/etc/ssl/certs/ssl123.crt

socket=l:TCP_NODELAY=1
socket=r:TCP_NODELAY=1

[secure.example.com]
accept=xxx.xxx.xxx.xxx:443
connect=zzz.zzz.zzz.zzz:8443
TIMEOUTclose=0
xforwardedfor=yes
I'm using the version 4.34 + xforwardedfor patch
the file ssl123.crt contains the root CA of thawte
uname -a output
Linux secure.example.com 2.6.18-164.6.1.el5 #1 SMP Tue Nov 3 16:12:36 EST 2009 x86_64 x86_64 x86_64 GNU/Linux
gcc -v output
Using built-in specs.
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-libgcj-multifile --enable-languages=c,c++,objc,obj-c++,java,fortran,ada --enable-java-awt=gtk --disable-dssi --enable-plugin --with-java-home=/usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/jre --with-cpu=generic --host=x86_64-redhat-linux
Thread model: posix
gcc version 4.1.2 20080704 (Red Hat 4.1.2-46)
openssl version
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Does anyone have a clue about what could be causing the problem? Any help will be really appreciated.
Thank you
--
Gabriel Sosa
If you are looking for different results, don't always do the same thing. - Einstein
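The SSLv2 suggestion in the reply above can be checked against a packet capture by looking at how the client frames its first message. The sketch below is an added example, not part of the original thread: the function names are hypothetical and both sample hellos are constructed byte strings, not captures from this server.

```python
import struct

VERSIONS = {(0, 2): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def classify_client_hello(data: bytes) -> dict:
    """Report the framing and highest version offered in a client's first bytes."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes of the first client message")
    # SSLv3/TLS record: content type 0x16 (handshake), major version 3.
    if data[0] == 0x16 and data[1] == 0x03:
        offered = None
        # Handshake header is type(1) + length(3); client_version follows.
        if len(data) >= 11 and data[5] == 0x01:
            offered = VERSIONS.get((data[9], data[10]), "unknown")
        return {"framing": "SSLv3/TLS record", "offered": offered}
    # SSLv2 record: 2-byte length with the top bit set, then msg type 1
    # (CLIENT-HELLO) and the highest version the client will accept.
    if data[0] & 0x80 and data[2] == 0x01:
        length = ((data[0] & 0x7F) << 8) | data[1]
        return {"framing": "SSLv2-compatible hello",
                "offered": VERSIONS.get((data[3], data[4]), "unknown"),
                "complete": len(data) == length + 2}
    return {"framing": "unknown", "offered": None}

def sample_v2_hello() -> bytes:
    """Constructed SSLv2-framed CLIENT-HELLO offering up to TLS 1.0."""
    specs = bytes.fromhex("010080000004")   # two 3-byte cipher specs
    challenge = bytes(16)
    body = struct.pack(">BBBHHH", 1, 3, 1, len(specs), 0, len(challenge))
    body += specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

def sample_v3_hello() -> bytes:
    """Constructed SSLv3 ClientHello inside an SSLv3 record."""
    hello = bytes([3, 0]) + bytes(32) + b"\x00" + b"\x00\x02\x00\x04" + b"\x01\x00"
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x00" + struct.pack(">H", len(handshake)) + handshake

if __name__ == "__main__":
    for name, blob in (("v2", sample_v2_hello()), ("v3", sample_v3_hello())):
        print(name, classify_client_hello(blob))
```

A result of "SSLv2-compatible hello" for the failing client, and "SSLv3/TLS record" once --sslv3 is added, would match the explanation given in the reply.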