[stunnel-users] HTTPS hardcoded redirects
Ezio Ostorero
ezio.ostorero at gmail.com
Mon Dec 10 16:22:35 CET 2007
All,
I have a problem similar to the one described in
http://mirt.net/pipermail/stunnel-users/2006-October/001324.html i.e. I
***wish*** to use the recording functionalities of JMeter while accessing an
apache-SSL-secured Tomcat web server.
JMeter does not allow recording on SSL so I have to ... un-cipher my HTTPS
sessions, stunnel looks like the right choice.
Being an stunnel newbie, I started here:
http://www.stunnel.org/examples/https_client.html , this HOWTO looks quite
close to my configuration.
We have a plain-vanilla tomcat server behind an apache/SSL, and I want to
access this web application from an HTTP-only browser.
So, I configure stunnel as a "client", I run it on my PC, with the
following configuration:
[psuedo-https]
accept = 8080
connect = <server>:443
TIMEOUTclose = 0
I read it as follows: stunnel talk cleartext HTTP on the local 8080 port and
forwards in crypted HTTPS on the <server> port 443
I set the URL in my browser to http://localhost:8080/oi/ and this happens:
1) Ethereal sez that my PC and <server> start an SSLv3 conversation, good,
we're on track
2) I have an HTTP analyzer plugged in my browser that shows me the content
of the first GET
that is a redirect to an SSO server (on the same <server>:443 port) for
user authentication
https://<server>/ssoserver/login?service=......
3) My browser then issue a GET to
https://<server>/ssoserver/login?service=......
and is GAME OVER, my beloved stunnel is cleanly bypassed by the
hardcoded https://<server>/ string
Any suggestion? Is it a dead end?
Any dirty trick I could play with? Such as running multiple stunnel
instances, setting <server> = localhost in my hosts file etc.?
Thanks,
Ezio
--
Ezio Ostorero, Catania
Seltz e limone col sale. Arriminatu, non annacatu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20071210/ac9ff10e/attachment.html>
More information about the stunnel-users
mailing list