[stunnel-users] Can this be done by Stunnel

Alan C. Bonnici chribonn at gmail.com
Fri Mar 23 12:37:46 CET 2012


Thomas,

After a few exchanges a few hours ago with the folk at STunnel I can confirm
that the "problem" was that the company uses host headers. Here is the
procedure I used to sort it out:

1. Modify the windows host file and add the following entry 127.0.0.1
rest.nexmo.com.  If your STunnel ir running on a different machines, set the
127.0.0.1 to the IP address of the Stunnel server.

2. Add the following to the stunnel.conf file (you may alter the port)
[nexmo] 
client = yes 
accept = 9013 
connect = 174.120.166.82:443 
TIMEOUTclose = 0

3. Start sending secure SMSs as follows (note the port number much match the
one set in stunnel.conf)
http://rest.nexmo.com:9013/sms/xml?username=xxxxxxx&password=xxxxxxx&from=xx
xxxxxx&to=xxxxxxx&text=xxxxxxx

This will bypass the issue related to host headers and I can confirm that
the solution has worked.

The setup is useful if using server technology that does not natively
support SSL as is our case.

Hope this helps.

Alan

----------------------------------------------------------------------------
----------------------------------------


Alan;

While I don't generally use Stunnel for HTTPS, I found your question 
interesting.  Since I'm always trying
to experiment with configurations of and applications for Stunnel, I 
decided to give it a whirl.

I'm happy to confirm that it works just fine for me.  I'm not connecting 
to the site in your example,
but the principle is the same. Perhaps the answer lies in how your 
browser parses that URL,
and how, as a result, it inserts that data into the stream.

For the experiment, I used Firefox 9.0.1 running under Windows XP x86 
with Stunnel version 4.53.

My test config was:

debug = 6
fips = no
delay = yes
output = stunnel.log

[https]
client = yes
accept = 127.0.1.21:7777
connect = www.host.domain:443

Where www.host.domain is just an example.  As you can see, I did not 
include any
TIMEOUTclose statement in my config file.

Then I pointed the browser at 
http://127.0.1.21:7777/do/mypage/longparameterstringhere.

As far as I can tell, all of the parameters contained in that string 
were passed on to the web site without
any difficulty.

You might want to check your log window to see what's happening when you 
try to connect via Stunnel.
Here's an actual example of the connection activity from my log:

2012.03.22 21:20:51 LOG5[992:2548]: Service [https] accepted connection 
from ***.**.***.*:2671
2012.03.22 21:20:51 LOG6[992:2548]: connect_blocking: connecting 
***.***.***.***:443
2012.03.22 21:20:51 LOG5[992:2548]: connect_blocking: connected 
***.***.***.***:443
2012.03.22 21:20:51 LOG5[992:2548]: Service [https] connected remote 
server from ***.**.***.*:2672
2012.03.22 21:20:51 LOG6[992:2548]: SSL connected: new session negotiated
2012.03.22 21:20:51 LOG6[992:2548]: Negotiated TLSv1/SSLv3 ciphersuite: 
RC4-SHA (128-bit encryption)
2012.03.22 21:20:51 LOG6[992:2548]: Compression: null, expansion: null
2012.03.22 21:21:00 LOG6[992:2548]: SSL_shutdown successfully sent 
close_notify alert
2012.03.22 21:21:00 LOG5[992:2548]: Connection closed: 1879 byte(s) sent 
to SSL, 128546 byte(s) sent to socket

If you have to post again, it would be helpful if you included more detail.

Good luck with your application!

Thomas


On 3/21/2012 9:50 AM, Alan C. Bonnici wrote:
>
> Hi,
>
> I am new to STunnel. I am trying to connect to a service provided by 
> nexmo.com.
>
> If from a browser I type the following:
>
>
https://rest.nexmo.com/sms/xml?username=xxxxxxx&password=xxxxx&from=xxxxxxx&
to=xxxxxxx&text=xxxxxxxxxx 
>
<https://rest.nexmo.com/sms/xml?username=xxxxxxx&password=xxxxx&from=xxxxxxx
&to=xxxxxxx&text=xxxxxxxxxx>
>
> The process works.
>
> I just installed stunnel and have the following config file
>
> ; Debugging stuff (may useful for troubleshooting)
>
> ;debug = 7
>
> ;output = stunnel.log
>
> ; Certificate/key is needed in server mode and optional in client mode
>
> cert = stunnel.pem
>
> ;key = stunnel.pem
>
> ; Disable support for insecure SSLv2 protocol
>
> options = NO_SSLv2
>
> [nexmo]
>
> client = yes
>
> accept =  9012
>
> connect = rest.nexmo.com:443
>
> TIMEOUTclose = 0
>
> When I type
>
>
http://127.0.0.1:9012/sms/xml?username=xxxxxxx&password=xxxxx&from=xxxxxxx&t
o=xxxxxxx&text=xxxxxxxxxx 
>
>
> it does not.
>
> Can anyone please confirm whether what I am trying to do is doable and 
> maybe highlight what I am doing wrong.
>
> Regards,
>
> Alan
>
>
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users

-- 
Attention: This message and all attachments are private and may contain
information that is confidential and privileged. If you received this
message in error, please notify the sender by reply email and delete the
message immediately.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://stunnel.mirt.net/pipermail/stunnel-users/attachments/20120322/f8e00c
62/attachment-0001.html>

------------------------------

_______________________________________________
stunnel-users mailing list
stunnel-users at stunnel.org
http://stunnel.mirt.net/mailman/listinfo/stunnel-users


End of stunnel-users Digest, Vol 92, Issue 22
*********************************************




More information about the stunnel-users mailing list