[stunnel-users] Can this be done by Stunnel

Fri Mar 23 04:18:06 CET 2012

Alan;

While I don't generally use Stunnel for HTTPS, I found your question 
interesting.  Since I'm always trying
to experiment with configurations of and applications for Stunnel, I 
decided to give it a whirl.

I'm happy to confirm that it works just fine for me.  I'm not connecting 
to the site in your example,
but the principle is the same. Perhaps the answer lies in how your 
browser parses that URL,
and how, as a result, it inserts that data into the stream.

For the experiment, I used Firefox 9.0.1 running under Windows XP x86 
with Stunnel version 4.53.

My test config was:

debug = 6
fips = no
delay = yes
output = stunnel.log

[https]
client = yes
accept = 127.0.1.21:7777
connect = www.host.domain:443

Where www.host.domain is just an example.  As you can see, I did not 
include any
TIMEOUTclose statement in my config file.

Then I pointed the browser at 
http://127.0.1.21:7777/do/mypage/longparameterstringhere.

As far as I can tell, all of the parameters contained in that string 
were passed on to the web site without
any difficulty.

You might want to check your log window to see what's happening when you 
try to connect via Stunnel.
Here's an actual example of the connection activity from my log:

2012.03.22 21:20:51 LOG5[992:2548]: Service [https] accepted connection 
from ***.**.***.*:2671
2012.03.22 21:20:51 LOG6[992:2548]: connect_blocking: connecting 
***.***.***.***:443
2012.03.22 21:20:51 LOG5[992:2548]: connect_blocking: connected 
***.***.***.***:443
2012.03.22 21:20:51 LOG5[992:2548]: Service [https] connected remote 
server from ***.**.***.*:2672
2012.03.22 21:20:51 LOG6[992:2548]: SSL connected: new session negotiated
2012.03.22 21:20:51 LOG6[992:2548]: Negotiated TLSv1/SSLv3 ciphersuite: 
RC4-SHA (128-bit encryption)
2012.03.22 21:20:51 LOG6[992:2548]: Compression: null, expansion: null
2012.03.22 21:21:00 LOG6[992:2548]: SSL_shutdown successfully sent 
close_notify alert
2012.03.22 21:21:00 LOG5[992:2548]: Connection closed: 1879 byte(s) sent 
to SSL, 128546 byte(s) sent to socket

If you have to post again, it would be helpful if you included more detail.

Good luck with your application!

Thomas

On 3/21/2012 9:50 AM, Alan C. Bonnici wrote:
>
> Hi,
>
> I am new to STunnel. I am trying to connect to a service provided by 
> nexmo.com.
>
> If from a browser I type the following:
>
> https://rest.nexmo.com/sms/xml?username=xxxxxxx&password=xxxxx&from=xxxxxxx&to=xxxxxxx&text=xxxxxxxxxx 
> <https://rest.nexmo.com/sms/xml?username=xxxxxxx&password=xxxxx&from=xxxxxxx&to=xxxxxxx&text=xxxxxxxxxx>
>
> The process works.
>
> I just installed stunnel and have the following config file
>
> ; Debugging stuff (may useful for troubleshooting)
>
> ;debug = 7
>
> ;output = stunnel.log
>
> ; Certificate/key is needed in server mode and optional in client mode
>
> cert = stunnel.pem
>
> ;key = stunnel.pem
>
> ; Disable support for insecure SSLv2 protocol
>
> options = NO_SSLv2
>
> [nexmo]
>
> client = yes
>
> accept =  9012
>
> connect = rest.nexmo.com:443
>
> TIMEOUTclose = 0
>
> When I type
>
> http://127.0.0.1:9012/sms/xml?username=xxxxxxx&password=xxxxx&from=xxxxxxx&to=xxxxxxx&text=xxxxxxxxxx 
>
>
> it does not.
>
> Can anyone please confirm whether what I am trying to do is doable and 
> maybe highlight what I am doing wrong.
>
> Regards,
>
> Alan
>
>
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users

-- 
Attention: This message and all attachments are private and may contain information that is confidential and privileged. If you received this message in error, please notify the sender by reply email and delete the message immediately.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20120322/f8e00c62/attachment.html>