<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi All ,<br>
it's mandatory for use stunnel wich the infrastructure has client
stunnel and server stunnel ??<br>
<br>
Or I can have client stunnel vs Web server HTTPS without stunnel
server , only web server https .<br>
<br>
I newbie in stunnel , but i think is mandatory install stunnel in
both sites , that's is correct?<br>
<br>
Regards<br>
<br>
<br>
<div class="moz-cite-prefix">On 05/03/18 20:23, Carlos Castro wrote:<br>
</div>
<blockquote type="cite"
cite="mid:59947d28-4807-6b52-2a1c-eb9e2f5a6cf7@gmail.com">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<p>Thanks @Mike</p>
<p>If possible use Squid + stunnel to solve the problem with
host header? The application is very very old .</p>
<p>Thanks<br>
</p>
<br>
<div class="moz-cite-prefix">On 05/03/18 20:06, Mike Spooner
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:65560381.2.1520276818821.JavaMail.mike.spooner.ux@gmail.com">
<p>The problem is the "Host: ..." header that is being sent to
the remote server. You need to configure 127.0.0.1:19021 as a
proxy in your app (and curl) and then have the app (curl)
fetch <a class="moz-txt-link-freetext"
href="https://ctm.omego.net" moz-do-not-send="true">https://ctm.omego.net</a><br>
</p>
<p> <br>
</p>
<p>Not sure how to do that in curl, but search the curl manpage
for any mentions of "proxy".<br>
<br>
</p>
<p>-- Mike Spooner<br>
<br>
</p>
<div class="dm__nested">
<div class="dm__nested_header">--------- Original Message
---------<br>
<b>From</b>: Carlos Castro <carlos.castro.guerrero@gmail.com><br>
<b>Date</b>: Mon Mar 05 12:28:15 GMT+00:00 2018<br>
<b>Subject</b>: Re: [stunnel-users] Connect using TLS with
public Web Server<br>
</carlos.castro.guerrero@gmail.com></div>
Hello<br>
<br>
Thanks @Peter<br>
<br>
<br>
Yes , my application not support TLS and I need the
application connect <br>
using TLS , for this i using stunnel (i hope)<br>
<br>
When I make curl -v <a class="moz-txt-link-freetext"
href="http://127.0.0.1:19021" moz-do-not-send="true">http://127.0.0.1:19021</a>
:<br>
<br>
curl -v <a class="moz-txt-link-freetext"
href="http://127.0.0.1:19201" moz-do-not-send="true">http://127.0.0.1:19201</a><br>
* Rebuilt URL to: <a class="moz-txt-link-freetext"
href="http://127.0.0.1:19201/" moz-do-not-send="true">http://127.0.0.1:19201/</a><br>
* Trying 127.0.0.1...<br>
* Connected to 127.0.0.1 (127.0.0.1) port 19201 (#0)<br>
> GET / HTTP/1.1<br>
> Host: 127.0.0.1:19201<br>
> User-Agent: curl/7.47.0<br>
> Accept: */*<br>
><br>
* HTTP 1.0, assume close after body<br>
< HTTP/1.0 400 Bad Request<br>
< Server: AkamaiGHost<br>
< Mime-Version: 1.0<br>
< Content-Type: text/html<br>
< Content-Length: 208<br>
< Expires: Mon, 05 Mar 2018 12:25:53 GMT<br>
< Date: Mon, 05 Mar 2018 12:25:53 GMT<br>
< Connection: close<br>
<br>
The web ctm.omgeo.net only works in mode HTTPS , .<br>
<br>
Thanks Peter<br>
<br>
<br>
On 05/03/18 13:22, Peter Pentchev wrote:<br>
> On Mon, Mar 05, 2018 at 12:32:41PM +0100, Carlos Castro
wrote:<br>
>> Hello ,<br>
>><br>
>> Thanks @Peter<br>
>><br>
>> I'm trying to configure to connect with my PC to this
Public server<br>
>> <a class="moz-txt-link-freetext"
href="https://ctm.omgeo.net" moz-do-not-send="true">https://ctm.omgeo.net</a>
using TLS1.2 but i don't can.<br>
>><br>
>> I'm need setup stunnel for old application doesn't
support TLS , and this<br>
>> application need connect with this public server to
send data.<br>
>><br>
>><br>
>> I'm using the Peter config , but nothing . I try this
config :<br>
>><br>
>> [omgeo]<br>
>> client = yes<br>
>> accept = 127.0.0.1:19201<br>
>> connect = ctm.omgeo.net:443<br>
>> verify = 2<br>
>> CApath = /etc/ssl/certs/<br>
>><br>
>><br>
>> I'm using Curl to try connect , I'm recive this
error<br>
>><br>
>> /etc/ssl/certs# curl -v <a
class="moz-txt-link-freetext" href="https://127.0.0.1:19201"
moz-do-not-send="true">https://127.0.0.1:19201</a><br>
> Maybe I'm reading this wrong, but if your client
application does not<br>
> support TLS, then it won't speak HTTPS, it would speak
plain HTTP.<br>
> That's what the configuration you're using does - it
tells stunnel to<br>
> run in client mode, i.e. something will connect to
stunnel using<br>
> an unencrypted connection and stunnel will connect to a
TLS server<br>
> (in this case an HTTPS server).<br>
><br>
> So what happens when you try almost the same query, but
with the "http"<br>
> scheme instead of the "https" one?<br>
><br>
> curl -v <a class="moz-txt-link-freetext"
href="http://127.0.0.1:19201" moz-do-not-send="true">http://127.0.0.1:19201</a><br>
><br>
> G'luck,<br>
> Peter<br>
><br>
<br>
_______________________________________________<br>
stunnel-users mailing list<br>
<a class="moz-txt-link-abbreviated"
href="mailto:stunnel-users@stunnel.org"
moz-do-not-send="true">stunnel-users@stunnel.org</a><br>
<a class="moz-txt-link-freetext"
href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users"
moz-do-not-send="true">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a><br>
</div>
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>