Hi all,
stunnel seems broken with https served by Oracle HTTP Server; look at the following one for example:
I'm not able to get http -> https working with that web site. Is it a stunnel-specific problem or an Oracle one?
thanks Nicola
On Saturday 31 January 2009, Mailing List SVR wrote:
> Hi all,
Moin,
> stunnel seems broken with https served by Oracle HTTP Server; look at the following one for example:
sorry, this is orange.sk, not an Oracle page!?
> I'm not able to get http -> https working with that web site. Is it a stunnel-specific problem or an Oracle one?
Can you provide error messages, maybe the output of 'Live HTTP headers' (a Firefox plugin)?
CU
On Sun, 01/02/2009 at 15.18 +0100, Michael Renner wrote:
> On Saturday 31 January 2009, Mailing List SVR wrote:
> > Hi all,
> Moin,
> > stunnel seems broken with https served by Oracle HTTP Server; look at the following one for example:
> sorry, this is orange.sk, not an Oracle page!?
orange.sk is powered by Oracle Application Server 10.1.3.1.0
> > I'm not able to get http -> https working with that web site. Is it a stunnel-specific problem or an Oracle one?
here is stunnel configuration:
[http]
accept = 8092
connect = www.orange.sk:443
TIMEOUTclose = 0
and here is wget output:
wget http://localhost:8092
--16:55:44-- http://localhost:8092/
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:8092... connected.
HTTP request sent, awaiting response... No data received.
Retrying.
below are the stunnel logs:
2009.02.01 16:54:14 LOG7[32188:3086767824]: Snagged 64 random bytes from /root/.rnd
2009.02.01 16:54:14 LOG7[32188:3086767824]: Wrote 1024 new random bytes to /root/.rnd
2009.02.01 16:54:14 LOG7[32188:3086767824]: RAND_status claims sufficient entropy for the PRNG
2009.02.01 16:54:14 LOG7[32188:3086767824]: PRNG seeded successfully
2009.02.01 16:54:14 LOG7[32188:3086767824]: SSL context initialized for service http
2009.02.01 16:54:14 LOG5[32188:3086767824]: stunnel 4.26 on i686-pc-linux-gnu with OpenSSL 0.9.8b 04 May 2006
2009.02.01 16:54:14 LOG5[32188:3086767824]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2009.02.01 16:54:14 LOG6[32188:3086767824]: file ulimit = 1024 (can be changed with 'ulimit -n')
2009.02.01 16:54:14 LOG6[32188:3086767824]: poll() used - no FD_SETSIZE limit for file descriptors
2009.02.01 16:54:14 LOG5[32188:3086767824]: 500 clients allowed
2009.02.01 16:54:14 LOG7[32188:3086767824]: FD 10 in non-blocking mode
2009.02.01 16:54:14 LOG7[32188:3086767824]: FD 11 in non-blocking mode
2009.02.01 16:54:14 LOG7[32188:3086767824]: FD 12 in non-blocking mode
2009.02.01 16:54:14 LOG7[32188:3086767824]: SO_REUSEADDR option set on accept socket
2009.02.01 16:54:14 LOG7[32188:3086767824]: http bound to 0.0.0.0:8092
2009.02.01 16:54:14 LOG7[32194:3086767824]: Created pid file /stunnel.pid
2009.02.01 15:55:44 LOG7[32194:3086767824]: http accepted FD=13 from 127.0.0.1:54336
2009.02.01 15:55:44 LOG7[32194:3086764944]: http started
2009.02.01 15:55:44 LOG7[32194:3086764944]: FD 13 in non-blocking mode
2009.02.01 15:55:44 LOG7[32194:3086764944]: TCP_NODELAY option set on local socket
2009.02.01 15:55:44 LOG7[32194:3086764944]: Waiting for a libwrap process
2009.02.01 15:55:44 LOG7[32194:3086764944]: Acquired libwrap process #0
2009.02.01 15:55:44 LOG7[32194:3086764944]: Releasing libwrap process #0
2009.02.01 15:55:44 LOG7[32194:3086764944]: Released libwrap process #0
2009.02.01 15:55:44 LOG7[32194:3086764944]: http permitted by libwrap from 127.0.0.1:54336
2009.02.01 15:55:44 LOG5[32194:3086764944]: http accepted connection from 127.0.0.1:54336
2009.02.01 15:55:44 LOG7[32194:3086764944]: FD 14 in non-blocking mode
2009.02.01 15:55:44 LOG7[32194:3086764944]: http connecting 213.151.200.57:443
2009.02.01 15:55:44 LOG7[32194:3086764944]: connect_wait: waiting 10 seconds
2009.02.01 15:55:44 LOG7[32194:3086764944]: connect_wait: connected
2009.02.01 15:55:44 LOG5[32194:3086764944]: http connected remote server from 192.168.2.66:54003
2009.02.01 15:55:44 LOG7[32194:3086764944]: Remote FD=14 initialized
2009.02.01 15:55:44 LOG7[32194:3086764944]: TCP_NODELAY option set on remote socket
2009.02.01 15:55:44 LOG7[32194:3086764944]: SSL state (connect): before/connect initialization
2009.02.01 15:55:44 LOG7[32194:3086764944]: SSL state (connect): SSLv3 write client hello A
2009.02.01 15:55:44 LOG7[32194:3086764944]: SSL state (connect): SSLv3 read server hello A
2009.02.01 15:55:44 LOG7[32194:3086764944]: SSL state (connect): SSLv3 read server certificate A
2009.02.01 15:55:44 LOG7[32194:3086764944]: SSL state (connect): SSLv3 read server done A
2009.02.01 15:55:44 LOG7[32194:3086764944]: SSL state (connect): SSLv3 write client key exchange A
2009.02.01 15:55:44 LOG7[32194:3086764944]: SSL state (connect): SSLv3 write change cipher spec A
2009.02.01 15:55:44 LOG7[32194:3086764944]: SSL state (connect): SSLv3 write finished A
2009.02.01 15:55:44 LOG7[32194:3086764944]: SSL state (connect): SSLv3 flush data
2009.02.01 15:55:45 LOG7[32194:3086764944]: SSL state (connect): SSLv3 read finished A
2009.02.01 15:55:45 LOG7[32194:3086764944]: 1 items in the session cache
2009.02.01 15:55:45 LOG7[32194:3086764944]: 1 client connects (SSL_connect())
2009.02.01 15:55:45 LOG7[32194:3086764944]: 1 client connects that finished
2009.02.01 15:55:45 LOG7[32194:3086764944]: 0 client renegotiations requested
2009.02.01 15:55:45 LOG7[32194:3086764944]: 0 server connects (SSL_accept())
2009.02.01 15:55:45 LOG7[32194:3086764944]: 0 server connects that finished
2009.02.01 15:55:45 LOG7[32194:3086764944]: 0 server renegotiations requested
2009.02.01 15:55:45 LOG7[32194:3086764944]: 0 session cache hits
2009.02.01 15:55:45 LOG7[32194:3086764944]: 0 session cache misses
2009.02.01 15:55:45 LOG7[32194:3086764944]: 0 session cache timeouts
2009.02.01 15:55:45 LOG6[32194:3086764944]: SSL connected: new session negotiated
2009.02.01 15:55:45 LOG6[32194:3086764944]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2009.02.01 15:55:45 LOG7[32194:3086764944]: SSL alert (read): warning: close notify
2009.02.01 15:55:45 LOG7[32194:3086764944]: SSL closed on SSL_read
2009.02.01 15:55:45 LOG7[32194:3086764944]: Socket write shutdown
2009.02.01 15:55:45 LOG7[32194:3086764944]: SSL write shutdown
2009.02.01 15:55:45 LOG7[32194:3086764944]: SSL alert (write): warning: close notify
2009.02.01 15:55:45 LOG6[32194:3086764944]: SSL_shutdown successfully sent close_notify
2009.02.01 15:55:45 LOG5[32194:3086764944]: Connection closed: 121 bytes sent to SSL, 0 bytes sent to socket
2009.02.01 15:55:45 LOG7[32194:3086764944]: http finished (0 left)
2009.02.01 15:55:46 LOG7[32194:3086767824]: http accepted FD=13 from 127.0.0.1:54338
2009.02.01 15:55:46 LOG7[32194:3086764944]: http started
2009.02.01 15:55:46 LOG7[32194:3086764944]: FD 13 in non-blocking mode
2009.02.01 15:55:46 LOG7[32194:3086764944]: TCP_NODELAY option set on local socket
2009.02.01 15:55:46 LOG7[32194:3086764944]: Waiting for a libwrap process
2009.02.01 15:55:46 LOG7[32194:3086764944]: Acquired libwrap process #0
2009.02.01 15:55:46 LOG7[32194:3086764944]: Releasing libwrap process #0
2009.02.01 15:55:46 LOG7[32194:3086764944]: Released libwrap process #0
2009.02.01 15:55:46 LOG7[32194:3086764944]: http permitted by libwrap from 127.0.0.1:54338
2009.02.01 15:55:46 LOG5[32194:3086764944]: http accepted connection from 127.0.0.1:54338
2009.02.01 15:55:46 LOG7[32194:3086764944]: FD 14 in non-blocking mode
2009.02.01 15:55:46 LOG7[32194:3086764944]: http connecting 213.151.200.57:443
2009.02.01 15:55:46 LOG7[32194:3086764944]: connect_wait: waiting 10 seconds
2009.02.01 15:55:46 LOG7[32194:3086764944]: connect_wait: connected
2009.02.01 15:55:46 LOG5[32194:3086764944]: http connected remote server from 192.168.2.66:54005
2009.02.01 15:55:46 LOG7[32194:3086764944]: Remote FD=14 initialized
2009.02.01 15:55:46 LOG7[32194:3086764944]: TCP_NODELAY option set on remote socket
2009.02.01 15:55:46 LOG7[32194:3086764944]: SSL state (connect): before/connect initialization
2009.02.01 15:55:46 LOG7[32194:3086764944]: SSL state (connect): SSLv3 write client hello A
2009.02.01 15:55:46 LOG7[32194:3086764944]: SSL state (connect): SSLv3 read server hello A
2009.02.01 15:55:46 LOG7[32194:3086764944]: SSL state (connect): SSLv3 read finished A
2009.02.01 15:55:46 LOG7[32194:3086764944]: SSL state (connect): SSLv3 write change cipher spec A
2009.02.01 15:55:46 LOG7[32194:3086764944]: SSL state (connect): SSLv3 write finished A
2009.02.01 15:55:46 LOG7[32194:3086764944]: SSL state (connect): SSLv3 flush data
2009.02.01 15:55:46 LOG7[32194:3086764944]: 1 items in the session cache
2009.02.01 15:55:46 LOG7[32194:3086764944]: 2 client connects (SSL_connect())
2009.02.01 15:55:46 LOG7[32194:3086764944]: 2 client connects that finished
2009.02.01 15:55:46 LOG7[32194:3086764944]: 0 client renegotiations requested
2009.02.01 15:55:46 LOG7[32194:3086764944]: 0 server connects (SSL_accept())
2009.02.01 15:55:46 LOG7[32194:3086764944]: 0 server connects that finished
2009.02.01 15:55:46 LOG7[32194:3086764944]: 0 server renegotiations requested
2009.02.01 15:55:46 LOG7[32194:3086764944]: 1 session cache hits
2009.02.01 15:55:46 LOG7[32194:3086764944]: 0 session cache misses
2009.02.01 15:55:46 LOG7[32194:3086764944]: 0 session cache timeouts
2009.02.01 15:55:46 LOG6[32194:3086764944]: SSL connected: previous session reused
2009.02.01 15:55:46 LOG7[32194:3086764944]: SSL alert (read): warning: close notify
2009.02.01 15:55:46 LOG7[32194:3086764944]: SSL closed on SSL_read
2009.02.01 15:55:46 LOG7[32194:3086764944]: Socket write shutdown
2009.02.01 15:55:46 LOG7[32194:3086764944]: SSL write shutdown
2009.02.01 15:55:46 LOG7[32194:3086764944]: SSL alert (write): warning: close notify
2009.02.01 15:55:46 LOG6[32194:3086764944]: SSL_shutdown successfully sent close_notify
2009.02.01 15:55:46 LOG7[32194:3086764944]: Socket closed on read
2009.02.01 15:55:46 LOG5[32194:3086764944]: Connection closed: 121 bytes sent to SSL, 0 bytes sent to socket
2009.02.01 15:55:46 LOG7[32194:3086764944]: http finished (0 left)
Tamper Data (a Firefox plugin) shows nothing interesting; in Firefox I get a blank page if I connect using stunnel.
The same web site fails with Python httplib too, but it works fine if I use squid as a reverse proxy, with both wget and Firefox.
thanks Nicola
> Can you provide error messages, maybe the output of 'Live HTTP headers' (a Firefox plugin)
> CU
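
An added example, not part of the original thread: a small parser for stunnel debug logs in the format posted above. It summarizes each connection and flags the pattern the log shows, where the TLS handshake completes and the request is forwarded but the remote side sends close_notify without returning any data. The function names are hypothetical and the sample lines are abridged from the posted log.

```python
import re

# stunnel 4.x debug line: "<date> <time> LOG<level>[<pid>:<thread>]: <message>"
LINE = re.compile(r"^(\S+ \S+) LOG\d\[\d+:(\d+)\]: (.*)$")
CLOSED = re.compile(r"Connection closed: (\d+) bytes sent to SSL, (\d+) bytes sent to socket")

# Sample input: abridged from the log posted in the thread (two connections).
SAMPLE = """\
2009.02.01 15:55:44 LOG7[32194:3086764944]: http started
2009.02.01 15:55:45 LOG6[32194:3086764944]: SSL connected: new session negotiated
2009.02.01 15:55:45 LOG6[32194:3086764944]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2009.02.01 15:55:45 LOG7[32194:3086764944]: SSL alert (read): warning: close notify
2009.02.01 15:55:45 LOG5[32194:3086764944]: Connection closed: 121 bytes sent to SSL, 0 bytes sent to socket
2009.02.01 15:55:46 LOG7[32194:3086764944]: http started
2009.02.01 15:55:46 LOG6[32194:3086764944]: SSL connected: previous session reused
2009.02.01 15:55:46 LOG7[32194:3086764944]: SSL alert (read): warning: close notify
2009.02.01 15:55:46 LOG5[32194:3086764944]: Connection closed: 121 bytes sent to SSL, 0 bytes sent to socket
"""

def summarize(log_text):
    """One dict per connection; each '<service> started' line opens a new one."""
    conns, active = [], {}          # active: thread id -> connection being logged
    for m in filter(None, map(LINE.match, log_text.splitlines())):
        ts, tid, msg = m.groups()
        if msg.endswith(" started"):
            active[tid] = {"start": ts, "handshake": False, "reused": False, "cipher": None,
                           "peer_close_notify": False, "to_ssl": 0, "to_socket": 0}
            conns.append(active[tid])
            continue
        c = active.get(tid)
        if c is None:
            continue                # startup lines outside any connection
        closed = CLOSED.match(msg)
        if msg.startswith("SSL connected:"):
            c["handshake"], c["reused"] = True, "reused" in msg
        elif msg.startswith("Negotiated ciphers:"):
            c["cipher"] = msg.split(":", 1)[1].split()[0]
        elif msg == "SSL alert (read): warning: close notify":
            c["peer_close_notify"] = True
        elif closed:
            c["to_ssl"], c["to_socket"] = int(closed.group(1)), int(closed.group(2))
    return conns

def silent_peer_close(c):
    """TLS handshake succeeded and a request went out, but the peer closed without replying."""
    return c["handshake"] and c["peer_close_notify"] and c["to_ssl"] > 0 and c["to_socket"] == 0

print([(c["start"], silent_peer_close(c)) for c in summarize(SAMPLE)])
```

Both connections in the sample are flagged: the handshake and cipher negotiation succeed, so the failure is at the application layer above TLS rather than in the TLS setup itself.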