[stunnel-users] HTTPS support for the webserver using STUNNEL

Siva Kumar sivakumar.s.k.k at gmail.com
Tue Jan 13 19:29:19 CET 2015


Hi All,

Based on the inputs from Mr. Avila, I was able to fix the issue.

Now I am able to connect to the device from the web browser using HTTPS.

Thanks all of you...

Regards,
Siva

On Tue, Jan 13, 2015 at 8:03 PM, Leandro Avila <leandro.avila at ymail.com>
wrote:

> Hello,
>
> Looks like you got the hard part done (cross compiling etc)
>
> 1. You don't need to run stunnel on the client machine. You will use your
> web browser and your browser will handle the TLS connection
> 2. In your case you only need a stunnel instance running as a server on
> the linux device.
> Your stunnel.conf will look something like
>
> [https]
> client = no
>
> accept = 443
> connect = 127.0.0.1:80
>
>
> The above configures stunnel as a server, listening for connections on all
> interfaces port 443 and connecting to
> localhost port 80
>
>
> 3. I'm not sure what you mean by "the device and the machine can have any
> random IP and port"
> - You mean if both devices get a dhcp assigned ip? In that case the above
> config should work, because it listens in all
> available IPs
> - The port portion there are defined ports for http (port 80) and https
> (port 443) that should be it for the server
> unless your application is different. On the client side you don't need to
> worry about the port
>
> 4. Stunnel will provide the SSL/TLS encapsulation to your http connection.
> So in that regard it is a solution.
> Other times people might opt for using an http server that supports SSL/TLS
> natively, but you are working on embedded systems
> so there are constraints there.
>
> This is an alternative for instance.
>
> http://acme.com/software/mini_httpd/
>
> Hope this helps, feel free to ask more questions
>
> -----------------
>
> Leandro Avila
>
> On Tuesday, January 13, 2015 6:57 AM, Siva Kumar <
> sivakumar.s.k.k at gmail.com> wrote:
>
>
> >
> >
> >Hi All,
> >
> >
> >I am fairly new to stunnel and also to the networking concepts.
> >
> >
> >Currently we are working on a surveillance device running on MontaVista
> Linux on the ARM11 architecture. We have cross-compiled and deployed a
> THTTPD server which is working fine. Once you connect to the device using
> any of the web clients (from a Windows PC), it will take you to a web page
> where you can select and stream live videos from all the cameras
> connected to the device. So far everything is working fine now.
> >
> >
> >Now the real problem is that we need to support https as well along with
> http. Since THTTPD web server doesn't support secure connection we thought
> we would accomplish that using the stunnel application. We were able to
> download and cross compile the stunnel application for the device.
> >
> >
> >Now the doubts I have here are:
> >
> >
> >1) Do we need a stunnel server application running on the Windows PC from
> where we will be using the web browser to connect to the client?
> >
> >
> >2) Where should the stunnel server and stunnel client be running? I
> mean should the Linux device be running the stunnel client and the Windows
> PC be running the stunnel server? In that case what should be the correct
> accept and connect parameters in the stunnel.conf file in both the device
> and the windows PC?
> >
> >
> >3) Since the device and the machine can have any random IP and port, so
> is it feasible to dynamically set the accept and connect parameters in the
> stunnel.conf file?
> >
> >
> >4) Can the stunnel be considered as a solution to the problem which I
> have reported here. The point 3 above makes me think otherwise.
> >
> >
> >I have tried all combinations mentioned in the point 1 and 2 without
> success. In none of the case my web browser was able to talk to the device
> using HTTPS (ie https://my_device_ip). I could see a "client hello"
> request from the browser to which the client sends an ACK and RST. In some
> combination an HTTPS request from the browser only triggered a TCP
> connection request for which the client responded with ACK and RST.
> >
> >
> >Sorry for the long mail. Any inputs would be deeply appreciated.
> >
> >
> >
> >Regards,
> >Siva
>
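
Added example (not part of the original thread and not stunnel project code): a small linter for the device-side stunnel.conf discussed above. It flags a service left in client mode, a server-mode service with no `cert` option (the stunnel manual states a certificate is required in server mode, and the sketch in the reply leaves it out), and a `connect` target that is not loopback. The certificate path and the function names are assumptions made for illustration.

```python
# Added example: lint a stunnel.conf for the device-side (server) setup in this thread.
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_conf(text):
    """Return (global_opts, {service: opts}); option names are lower-cased."""
    glob, services, cur = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = services.setdefault(line[1:-1], {})
            continue
        key, sep, val = line.partition("=")
        if sep:
            (glob if cur is None else cur)[key.strip().lower()] = val.strip()
    return glob, services

def lint(text):
    """Return a list of findings; an empty list means every check passed."""
    glob, services = parse_conf(text)
    findings = []
    for name, opts in services.items():
        eff = {**glob, **opts}                   # service options override globals
        if eff.get("client", "no").lower() == "yes":
            findings.append(f"[{name}] client = yes: the device must run stunnel as a server")
            continue
        if "cert" not in eff:
            findings.append(f"[{name}] no cert option: server mode needs a certificate")
        for opt in ("accept", "connect"):
            if opt not in opts:
                findings.append(f"[{name}] missing {opt}")
        host = opts.get("connect", "").rpartition(":")[0]
        if host and host not in LOOPBACK:
            findings.append(f"[{name}] connect = {opts['connect']}: HTTP leg leaves the device")
    return findings

# Constructed samples: the config quoted in the reply, then the same with a certificate.
THREAD_CONF = "[https]\nclient = no\n\naccept = 443\nconnect = 127.0.0.1:80\n"
# /etc/stunnel/device.pem is a placeholder path (assumption), not from the thread.
FIXED_CONF = "cert = /etc/stunnel/device.pem\n" + THREAD_CONF

if __name__ == "__main__":
    for label, conf in (("thread", THREAD_CONF), ("with cert", FIXED_CONF)):
        print(label, lint(conf) or "OK")
```
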