Thomas,
After a few exchanges a few hours ago with the folk at STunnel I can confirm that the "problem" was that the company uses host headers. Here is the procedure I used to sort it out:
1. Modify the Windows host file and add the following entry:

       127.0.0.1 rest.nexmo.com

   If your STunnel is running on a different machine, set the 127.0.0.1 to the IP address of the Stunnel server.
2. Add the following to the stunnel.conf file (you may alter the port):

       [nexmo]
       client = yes
       accept = 9013
       connect = 174.120.166.82:443
       TIMEOUTclose = 0

3. Start sending secure SMSs as follows (note the port number must match the one set in stunnel.conf):

       http://rest.nexmo.com:9013/sms/xml?username=xxxxxxx&password=xxxxxxx&... xxxxxx&to=xxxxxxx&text=xxxxxxx

This will bypass the issue related to host headers and I can confirm that the solution has worked.
The setup is useful if using server technology that does not natively support SSL as is our case.
Hope this helps.
Alan
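
Why the hosts-file entry in the procedure above matters, as an added example (not part of the original messages and not stunnel code): stunnel passes the HTTP request through unchanged, so the Host header carries whatever name was typed in the URL. The local server here is a constructed stand-in for the tunnel plus a name-based virtual host; `VhostHandler`, `fetch` and `demo` are hypothetical names.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

VHOST = "rest.nexmo.com"  # name the remote virtual host answers to (from the thread)

class VhostHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for stunnel plus the remote name-based virtual host."""
    def do_GET(self):
        # Name-based hosting keys on the Host header; the port suffix is ignored.
        name = (self.headers.get("Host") or "").rsplit(":", 1)[0].lower()
        status, body = (200, b"ok") if name == VHOST else (404, b"unknown virtual host")
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def fetch(port, path, host_header=None):
    """GET via the local tunnel port; optionally override the Host header."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.putrequest("GET", path, skip_host=host_header is not None)
        if host_header is not None:
            conn.putheader("Host", host_header)
        conn.endheaders()
        return conn.getresponse().status
    finally:
        conn.close()

def demo():
    server = HTTPServer(("127.0.0.1", 0), VhostHandler)  # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        by_ip = fetch(port, "/sms/xml")                      # Host: 127.0.0.1:<port>
        by_name = fetch(port, "/sms/xml", VHOST)             # Host: rest.nexmo.com
        by_name_port = fetch(port, "/sms/xml", VHOST + ":9013")  # as sent after the hosts edit
        return by_ip, by_name, by_name_port
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

A client that can set the Host header itself, as `fetch` does, can keep using the 127.0.0.1 address without touching the hosts file.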
---------------------------------------------------------------------------- ----------------------------------------
Alan;
While I don't generally use Stunnel for HTTPS, I found your question interesting. Since I'm always trying to experiment with configurations of and applications for Stunnel, I decided to give it a whirl.
I'm happy to confirm that it works just fine for me. I'm not connecting to the site in your example, but the principle is the same. Perhaps the answer lies in how your browser parses that URL, and how, as a result, it inserts that data into the stream.
For the experiment, I used Firefox 9.0.1 running under Windows XP x86 with Stunnel version 4.53.
My test config was:
    debug = 6
    fips = no
    delay = yes
    output = stunnel.log

    [https]
    client = yes
    accept = 127.0.1.21:7777
    connect = www.host.domain:443

Where www.host.domain is just an example. As you can see, I did not include any TIMEOUTclose statement in my config file.
Then I pointed the browser at http://127.0.1.21:7777/do/mypage/longparameterstringhere.
As far as I can tell, all of the parameters contained in that string were passed on to the web site without any difficulty.
You might want to check your log window to see what's happening when you try to connect via Stunnel. Here's an actual example of the connection activity from my log:
    2012.03.22 21:20:51 LOG5[992:2548]: Service [https] accepted connection from ***.**.***.*:2671
    2012.03.22 21:20:51 LOG6[992:2548]: connect_blocking: connecting ***.***.***.***:443
    2012.03.22 21:20:51 LOG5[992:2548]: connect_blocking: connected ***.***.***.***:443
    2012.03.22 21:20:51 LOG5[992:2548]: Service [https] connected remote server from ***.**.***.*:2672
    2012.03.22 21:20:51 LOG6[992:2548]: SSL connected: new session negotiated
    2012.03.22 21:20:51 LOG6[992:2548]: Negotiated TLSv1/SSLv3 ciphersuite: RC4-SHA (128-bit encryption)
    2012.03.22 21:20:51 LOG6[992:2548]: Compression: null, expansion: null
    2012.03.22 21:21:00 LOG6[992:2548]: SSL_shutdown successfully sent close_notify alert
    2012.03.22 21:21:00 LOG5[992:2548]: Connection closed: 1879 byte(s) sent to SSL, 128546 byte(s) sent to socket

If you have to post again, it would be helpful if you included more detail.
Good luck with your application!
Thomas
On 3/21/2012 9:50 AM, Alan C. Bonnici wrote:
Hi,
I am new to STunnel. I am trying to connect to a service provided by nexmo.com.
If from a browser I type the following:
https://rest.nexmo.com/sms/xml?username=xxxxxxx&password=xxxxx&from=... to=xxxxxxx&text=xxxxxxxxxx
The process works.
I just installed stunnel and have the following config file
; Debugging stuff (may be useful for troubleshooting)
;debug = 7
;output = stunnel.log
; Certificate/key is needed in server mode and optional in client mode
cert = stunnel.pem
;key = stunnel.pem
; Disable support for insecure SSLv2 protocol
options = NO_SSLv2
[nexmo]
client = yes
accept = 9012
connect = rest.nexmo.com:443
TIMEOUTclose = 0
When I type
http://127.0.0.1:9012/sms/xml?username=xxxxxxx&password=xxxxx&from=x... o=xxxxxxx&text=xxxxxxxxxx
it does not.
Can anyone please confirm whether what I am trying to do is doable and maybe highlight what I am doing wrong.
Regards,
Alan