[stunnel-users] Stunnel seems broken with oracle http server

Mailing List SVR lists at svrinformatica.it
Sun Feb 1 17:00:37 CET 2009


On Sun, 01/02/2009 at 15:18 +0100, Michael Renner wrote:
> On Saturday 31 January 2009, Mailing List SVR wrote:
> > Hi all,
> 
> Moin,
> 
> > stunnel seems broken with https served by oracle http server, look at
> > the following one for example:
> >
> > https://www.orange.sk/
> 
> sorry, this orange.sk, not an oracle page!?

orange.sk is powered by oracle application server 10.1.3.1.0

> 
> > I'm not able to have http->to https working with that web site, it is a
> > stunnel specific problem or an oracle one?

here is stunnel configuration:

[http]
accept  = 8092 
connect = www.orange.sk:443
TIMEOUTclose = 0


and here is wget output:

wget http://localhost:8092
--16:55:44--  http://localhost:8092/
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:8092... connected.
HTTP request sent, awaiting response... No data received.
Retrying.


below are the stunnel logs:

2009.02.01 16:54:14 LOG7[32188:3086767824]: Snagged 64 random bytes from /root/.rnd
2009.02.01 16:54:14 LOG7[32188:3086767824]: Wrote 1024 new random bytes to /root/.rnd
2009.02.01 16:54:14 LOG7[32188:3086767824]: RAND_status claims sufficient entropy for the PRNG
2009.02.01 16:54:14 LOG7[32188:3086767824]: PRNG seeded successfully
2009.02.01 16:54:14 LOG7[32188:3086767824]: SSL context initialized for service http
2009.02.01 16:54:14 LOG5[32188:3086767824]: stunnel 4.26 on i686-pc-linux-gnu with OpenSSL 0.9.8b 04 May 2006
2009.02.01 16:54:14 LOG5[32188:3086767824]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2009.02.01 16:54:14 LOG6[32188:3086767824]: file ulimit = 1024 (can be changed with 'ulimit -n')
2009.02.01 16:54:14 LOG6[32188:3086767824]: poll() used - no FD_SETSIZE limit for file descriptors
2009.02.01 16:54:14 LOG5[32188:3086767824]: 500 clients allowed
2009.02.01 16:54:14 LOG7[32188:3086767824]: FD 10 in non-blocking mode
2009.02.01 16:54:14 LOG7[32188:3086767824]: FD 11 in non-blocking mode
2009.02.01 16:54:14 LOG7[32188:3086767824]: FD 12 in non-blocking mode
2009.02.01 16:54:14 LOG7[32188:3086767824]: SO_REUSEADDR option set on accept socket
2009.02.01 16:54:14 LOG7[32188:3086767824]: http bound to 0.0.0.0:8092
2009.02.01 16:54:14 LOG7[32194:3086767824]: Created pid file /stunnel.pid
2009.02.01 15:55:44 LOG7[32194:3086767824]: http accepted FD=13 from 127.0.0.1:54336
2009.02.01 15:55:44 LOG7[32194:3086764944]: http started
2009.02.01 15:55:44 LOG7[32194:3086764944]: FD 13 in non-blocking mode
2009.02.01 15:55:44 LOG7[32194:3086764944]: TCP_NODELAY option set on local socket
2009.02.01 15:55:44 LOG7[32194:3086764944]: Waiting for a libwrap process
2009.02.01 15:55:44 LOG7[32194:3086764944]: Acquired libwrap process #0
2009.02.01 15:55:44 LOG7[32194:3086764944]: Releasing libwrap process #0
2009.02.01 15:55:44 LOG7[32194:3086764944]: Released libwrap process #0
2009.02.01 15:55:44 LOG7[32194:3086764944]: http permitted by libwrap from 127.0.0.1:54336
2009.02.01 15:55:44 LOG5[32194:3086764944]: http accepted connection from 127.0.0.1:54336
2009.02.01 15:55:44 LOG7[32194:3086764944]: FD 14 in non-blocking mode
2009.02.01 15:55:44 LOG7[32194:3086764944]: http connecting 213.151.200.57:443
2009.02.01 15:55:44 LOG7[32194:3086764944]: connect_wait: waiting 10 seconds
2009.02.01 15:55:44 LOG7[32194:3086764944]: connect_wait: connected
2009.02.01 15:55:44 LOG5[32194:3086764944]: http connected remote server from 192.168.2.66:54003
2009.02.01 15:55:44 LOG7[32194:3086764944]: Remote FD=14 initialized
2009.02.01 15:55:44 LOG7[32194:3086764944]: TCP_NODELAY option set on remote socket
2009.02.01 15:55:44 LOG7[32194:3086764944]: SSL state (connect): before/connect initialization
2009.02.01 15:55:44 LOG7[32194:3086764944]: SSL state (connect): SSLv3 write client hello A
2009.02.01 15:55:44 LOG7[32194:3086764944]: SSL state (connect): SSLv3 read server hello A
2009.02.01 15:55:44 LOG7[32194:3086764944]: SSL state (connect): SSLv3 read server certificate A
2009.02.01 15:55:44 LOG7[32194:3086764944]: SSL state (connect): SSLv3 read server done A
2009.02.01 15:55:44 LOG7[32194:3086764944]: SSL state (connect): SSLv3 write client key exchange A
2009.02.01 15:55:44 LOG7[32194:3086764944]: SSL state (connect): SSLv3 write change cipher spec A
2009.02.01 15:55:44 LOG7[32194:3086764944]: SSL state (connect): SSLv3 write finished A
2009.02.01 15:55:44 LOG7[32194:3086764944]: SSL state (connect): SSLv3 flush data
2009.02.01 15:55:45 LOG7[32194:3086764944]: SSL state (connect): SSLv3 read finished A
2009.02.01 15:55:45 LOG7[32194:3086764944]:    1 items in the session cache
2009.02.01 15:55:45 LOG7[32194:3086764944]:    1 client connects (SSL_connect())
2009.02.01 15:55:45 LOG7[32194:3086764944]:    1 client connects that finished
2009.02.01 15:55:45 LOG7[32194:3086764944]:    0 client renegotiations requested
2009.02.01 15:55:45 LOG7[32194:3086764944]:    0 server connects (SSL_accept())
2009.02.01 15:55:45 LOG7[32194:3086764944]:    0 server connects that finished
2009.02.01 15:55:45 LOG7[32194:3086764944]:    0 server renegotiations requested
2009.02.01 15:55:45 LOG7[32194:3086764944]:    0 session cache hits
2009.02.01 15:55:45 LOG7[32194:3086764944]:    0 session cache misses
2009.02.01 15:55:45 LOG7[32194:3086764944]:    0 session cache timeouts
2009.02.01 15:55:45 LOG6[32194:3086764944]: SSL connected: new session negotiated
2009.02.01 15:55:45 LOG6[32194:3086764944]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2009.02.01 15:55:45 LOG7[32194:3086764944]: SSL alert (read): warning: close notify
2009.02.01 15:55:45 LOG7[32194:3086764944]: SSL closed on SSL_read
2009.02.01 15:55:45 LOG7[32194:3086764944]: Socket write shutdown
2009.02.01 15:55:45 LOG7[32194:3086764944]: SSL write shutdown
2009.02.01 15:55:45 LOG7[32194:3086764944]: SSL alert (write): warning: close notify
2009.02.01 15:55:45 LOG6[32194:3086764944]: SSL_shutdown successfully sent close_notify
2009.02.01 15:55:45 LOG5[32194:3086764944]: Connection closed: 121 bytes sent to SSL, 0 bytes sent to socket
2009.02.01 15:55:45 LOG7[32194:3086764944]: http finished (0 left)
2009.02.01 15:55:46 LOG7[32194:3086767824]: http accepted FD=13 from 127.0.0.1:54338
2009.02.01 15:55:46 LOG7[32194:3086764944]: http started
2009.02.01 15:55:46 LOG7[32194:3086764944]: FD 13 in non-blocking mode
2009.02.01 15:55:46 LOG7[32194:3086764944]: TCP_NODELAY option set on local socket
2009.02.01 15:55:46 LOG7[32194:3086764944]: Waiting for a libwrap process
2009.02.01 15:55:46 LOG7[32194:3086764944]: Acquired libwrap process #0
2009.02.01 15:55:46 LOG7[32194:3086764944]: Releasing libwrap process #0
2009.02.01 15:55:46 LOG7[32194:3086764944]: Released libwrap process #0
2009.02.01 15:55:46 LOG7[32194:3086764944]: http permitted by libwrap from 127.0.0.1:54338
2009.02.01 15:55:46 LOG5[32194:3086764944]: http accepted connection from 127.0.0.1:54338
2009.02.01 15:55:46 LOG7[32194:3086764944]: FD 14 in non-blocking mode
2009.02.01 15:55:46 LOG7[32194:3086764944]: http connecting 213.151.200.57:443
2009.02.01 15:55:46 LOG7[32194:3086764944]: connect_wait: waiting 10 seconds
2009.02.01 15:55:46 LOG7[32194:3086764944]: connect_wait: connected
2009.02.01 15:55:46 LOG5[32194:3086764944]: http connected remote server from 192.168.2.66:54005
2009.02.01 15:55:46 LOG7[32194:3086764944]: Remote FD=14 initialized
2009.02.01 15:55:46 LOG7[32194:3086764944]: TCP_NODELAY option set on remote socket
2009.02.01 15:55:46 LOG7[32194:3086764944]: SSL state (connect): before/connect initialization
2009.02.01 15:55:46 LOG7[32194:3086764944]: SSL state (connect): SSLv3 write client hello A
2009.02.01 15:55:46 LOG7[32194:3086764944]: SSL state (connect): SSLv3 read server hello A
2009.02.01 15:55:46 LOG7[32194:3086764944]: SSL state (connect): SSLv3 read finished A
2009.02.01 15:55:46 LOG7[32194:3086764944]: SSL state (connect): SSLv3 write change cipher spec A
2009.02.01 15:55:46 LOG7[32194:3086764944]: SSL state (connect): SSLv3 write finished A
2009.02.01 15:55:46 LOG7[32194:3086764944]: SSL state (connect): SSLv3 flush data
2009.02.01 15:55:46 LOG7[32194:3086764944]:    1 items in the session cache
2009.02.01 15:55:46 LOG7[32194:3086764944]:    2 client connects (SSL_connect())
2009.02.01 15:55:46 LOG7[32194:3086764944]:    2 client connects that finished
2009.02.01 15:55:46 LOG7[32194:3086764944]:    0 client renegotiations requested
2009.02.01 15:55:46 LOG7[32194:3086764944]:    0 server connects (SSL_accept())
2009.02.01 15:55:46 LOG7[32194:3086764944]:    0 server connects that finished
2009.02.01 15:55:46 LOG7[32194:3086764944]:    0 server renegotiations requested
2009.02.01 15:55:46 LOG7[32194:3086764944]:    1 session cache hits
2009.02.01 15:55:46 LOG7[32194:3086764944]:    0 session cache misses
2009.02.01 15:55:46 LOG7[32194:3086764944]:    0 session cache timeouts
2009.02.01 15:55:46 LOG6[32194:3086764944]: SSL connected: previous session reused
2009.02.01 15:55:46 LOG7[32194:3086764944]: SSL alert (read): warning: close notify
2009.02.01 15:55:46 LOG7[32194:3086764944]: SSL closed on SSL_read
2009.02.01 15:55:46 LOG7[32194:3086764944]: Socket write shutdown
2009.02.01 15:55:46 LOG7[32194:3086764944]: SSL write shutdown
2009.02.01 15:55:46 LOG7[32194:3086764944]: SSL alert (write): warning: close notify
2009.02.01 15:55:46 LOG6[32194:3086764944]: SSL_shutdown successfully sent close_notify
2009.02.01 15:55:46 LOG7[32194:3086764944]: Socket closed on read
2009.02.01 15:55:46 LOG5[32194:3086764944]: Connection closed: 121 bytes sent to SSL, 0 bytes sent to socket
2009.02.01 15:55:46 LOG7[32194:3086764944]: http finished (0 left)

Tamper Data (Firefox plugin) shows nothing interesting; in Firefox I get a
blank page if I connect using stunnel.

The same web site fails with Python httplib too, but it works fine with both
wget and Firefox if I use squid as a reverse proxy.

thanks
Nicola
> 
> Can you provide error messages, maybe the output of 'Live HTTP headers' (a 
> firefox plugin)
> 
> CU
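
A triage helper for logs in the format posted above, added here as an example and not part of the original message or of stunnel: it rejoins any hard-wrapped continuation lines and flags connections where the TLS handshake completed, data was forwarded to the server, and the peer sent close_notify first without returning anything. The function names and the `peer_closed_unanswered` field are assumptions, and the sample lines are constructed from the format shown in the log.

```python
import re
# Constructed sample in the stunnel 4.x debug-log format, hard-wrapped as mail clients do.
SAMPLE = """\
2009.02.01 15:55:44 LOG5[32194:3086764944]: http accepted connection
from 127.0.0.1:54336
2009.02.01 15:55:45 LOG6[32194:3086764944]: SSL connected: new session
negotiated
2009.02.01 15:55:45 LOG7[32194:3086764944]: SSL alert (read): warning:
close notify
2009.02.01 15:55:45 LOG7[32194:3086764944]: SSL alert (write): warning:
close notify
2009.02.01 15:55:45 LOG5[32194:3086764944]: Connection closed: 121 bytes
sent to SSL, 0 bytes sent to socket
"""

HEAD = re.compile(r"^\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG\d\[(\d+:\d+)\]: ?(.*)$")
CLOSED = re.compile(r"Connection closed: (\d+) bytes sent to SSL, (\d+) bytes sent to socket")

def unwrap(text):
    """Return [thread_id, message] records, rejoining wrapped continuation lines."""
    records = []
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            records.append([m.group(1), m.group(2).strip()])
        elif records and line.strip():
            records[-1][1] += " " + line.strip()
    return records

def summarize(text):
    """Summarize each proxied connection; state is tracked per pid:thread id."""
    done, live = [], {}
    for tid, msg in unwrap(text):
        if "accepted connection from" in msg:
            live[tid] = {"client": msg.rsplit(" ", 1)[-1], "handshake": None, "first_close": None}
        cur = live.get(tid)
        if cur is None:
            continue
        if msg.startswith("SSL connected: "):
            cur["handshake"] = msg.split(": ", 1)[1]
        elif msg.startswith("SSL alert (") and "close notify" in msg and not cur["first_close"]:
            cur["first_close"] = "peer" if "(read)" in msg else "local"
        m = CLOSED.search(msg)
        if m:
            cur["to_ssl"], cur["to_socket"] = int(m.group(1)), int(m.group(2))
            # TLS handshake completed and data was forwarded, yet the peer closed first with no reply.
            cur["peer_closed_unanswered"] = (cur["handshake"] is not None and cur["to_ssl"] > 0
                                             and cur["to_socket"] == 0 and cur["first_close"] == "peer")
            done.append(live.pop(tid))
    return done
```

A flagged connection means the failure is above the TLS layer: the handshake and cipher negotiation succeeded, so the next thing to compare is the forwarded request itself against one that the server answers.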



