ALT Linux Community general discussions
From: Eugene Prokopiev <prokopiev@stc.donpac.ru>
To: ALT Linux Community <community@lists.altlinux.org>
Subject: Re: [Comm] https debug in browsers
Date: Wed, 06 Dec 2006 16:07:17 +0300
Message-ID: <4576C085.5000507@stc.donpac.ru> (raw)
In-Reply-To: <45767615.10106@stc.donpac.ru>

>>1. HTTP+stunnel; in general I recommend stunnel in every way
> 
> 
> I started it, the first page was displayed, but after trying to get through 
> form-based authentication all browsers (Gecko and links) drop out with 
> words like SSL error

To be precise, Firefox says: "The connection to localhost:8080 
has terminated unexpectedly. Some data may have been transferred."

Meanwhile stunnel says:

# stunnel -c -d 8080 -r hostname.ru:443 -D 7 -f

2006.12.06 15:58:06 LOG5[5139:16384]: Using 'hostname.ru.443' as 
tcpwrapper service name
2006.12.06 15:58:06 LOG7[5139:16384]: Snagged 64 random bytes from 
/root/.rnd
2006.12.06 15:58:06 LOG7[5139:16384]: Wrote 1024 new random bytes to 
/root/.rnd
2006.12.06 15:58:06 LOG7[5139:16384]: RAND_status claims sufficient 
entropy for the PRNG
2006.12.06 15:58:06 LOG6[5139:16384]: PRNG seeded successfully
2006.12.06 15:58:06 LOG5[5139:16384]: stunnel 3.26 on i586-alt-linux-gnu 
PTHREAD+LIBWRAP with OpenSSL 0.9.7d 17 Mar 2004
2006.12.06 15:58:06 LOG7[5139:16384]: Created pid file 
/var/run/stunnel.hostname.ru.443.pid
2006.12.06 15:58:06 LOG5[5139:16384]: FD_SETSIZE=1024, file ulimit=1024 
-> 500 clients allowed
2006.12.06 15:58:06 LOG7[5139:16384]: SO_REUSEADDR option set on accept 
socket
2006.12.06 15:58:06 LOG7[5139:16384]: hostname.ru.443 bound to 0.0.0.0:8080
2006.12.06 15:58:15 LOG7[5139:16384]: hostname.ru.443 accepted FD=7 from 
127.0.0.1:32810
2006.12.06 15:58:15 LOG7[5142:16386]: hostname.ru.443 started
2006.12.06 15:58:15 LOG5[5142:16386]: hostname.ru.443 connected from 
127.0.0.1:32810
2006.12.06 15:58:15 LOG7[5142:16386]: hostname.ru.443 connecting 
65.181.62.138:443
2006.12.06 15:58:15 LOG7[5142:16386]: Remote FD=10 initialized
2006.12.06 15:58:15 LOG7[5142:16386]: Relying on OpenSSL RSA Blinding.
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): 
before/connect initialization
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 write 
client hello A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 read 
server hello A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 read 
server certificate A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 read 
server key exchange A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 read 
server done A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 write 
client key exchange A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 write 
change cipher spec A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 write 
finished A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 flush data
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 read 
finished A
2006.12.06 15:58:15 LOG7[5142:16386]:    1 items in the session cache
2006.12.06 15:58:15 LOG7[5142:16386]:    1 client connects (SSL_connect())
2006.12.06 15:58:15 LOG7[5142:16386]:    1 client connects that finished
2006.12.06 15:58:15 LOG7[5142:16386]:    0 client renegotiatations requested
2006.12.06 15:58:15 LOG7[5142:16386]:    0 server connects (SSL_accept())
2006.12.06 15:58:15 LOG7[5142:16386]:    0 server connects that finished
2006.12.06 15:58:15 LOG7[5142:16386]:    0 server renegotiatiations 
requested
2006.12.06 15:58:15 LOG7[5142:16386]:    0 session cache hits
2006.12.06 15:58:15 LOG7[5142:16386]:    0 session cache misses
2006.12.06 15:58:15 LOG7[5142:16386]:    0 session cache timeouts
2006.12.06 15:58:15 LOG6[5142:16386]: Negotiated ciphers: 
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
2006.12.06 15:58:20 LOG7[5142:16386]: Socket closed on read
2006.12.06 15:58:20 LOG7[5142:16386]: SSL alert (write): warning: close 
notify
2006.12.06 15:58:20 LOG7[5142:16386]: SSL write shutdown (output buffer 
empty)
2006.12.06 15:58:20 LOG7[5139:16384]: hostname.ru.443 accepted FD=11 
from 127.0.0.1:32812
2006.12.06 15:58:20 LOG7[5144:32771]: hostname.ru.443 started
2006.12.06 15:58:20 LOG5[5144:32771]: hostname.ru.443 connected from 
127.0.0.1:32812
2006.12.06 15:58:20 LOG7[5144:32771]: hostname.ru.443 connecting 
65.181.62.138:443
2006.12.06 15:58:20 LOG7[5142:16386]: SSL alert (read): warning: close 
notify
2006.12.06 15:58:20 LOG7[5142:16386]: SSL closed on SSL_read
2006.12.06 15:58:20 LOG7[5142:16386]: Socket write shutdown (output 
buffer empty)
2006.12.06 15:58:20 LOG5[5142:16386]: Connection closed: 1011 bytes sent 
to SSL, 2411 bytes sent to socket
2006.12.06 15:58:20 LOG7[5142:16386]: hostname.ru.443 finished (0 left)
2006.12.06 15:58:20 LOG7[5144:32771]: Remote FD=12 initialized
2006.12.06 15:58:20 LOG7[5144:32771]: Relying on OpenSSL RSA Blinding.
2006.12.06 15:58:20 LOG7[5144:32771]: SSL state (connect): 
before/connect initialization
2006.12.06 15:58:20 LOG7[5144:32771]: SSL state (connect): SSLv3 write 
client hello A
2006.12.06 15:58:20 LOG7[5144:32771]: SSL state (connect): SSLv3 read 
server hello A
2006.12.06 15:58:20 LOG7[5144:32771]: SSL state (connect): SSLv3 read 
finished A
2006.12.06 15:58:20 LOG7[5144:32771]: SSL state (connect): SSLv3 write 
change cipher spec A
2006.12.06 15:58:20 LOG7[5144:32771]: SSL state (connect): SSLv3 write 
finished A
2006.12.06 15:58:20 LOG7[5144:32771]: SSL state (connect): SSLv3 flush data
2006.12.06 15:58:20 LOG7[5144:32771]:    1 items in the session cache
2006.12.06 15:58:20 LOG7[5144:32771]:    2 client connects (SSL_connect())
2006.12.06 15:58:20 LOG7[5144:32771]:    2 client connects that finished
2006.12.06 15:58:20 LOG7[5144:32771]:    0 client renegotiatations requested
2006.12.06 15:58:20 LOG7[5144:32771]:    0 server connects (SSL_accept())
2006.12.06 15:58:20 LOG7[5144:32771]:    0 server connects that finished
2006.12.06 15:58:20 LOG7[5144:32771]:    0 server renegotiatiations 
requested
2006.12.06 15:58:20 LOG7[5144:32771]:    1 session cache hits
2006.12.06 15:58:20 LOG7[5144:32771]:    0 session cache misses
2006.12.06 15:58:20 LOG7[5144:32771]:    0 session cache timeouts
2006.12.06 15:58:20 LOG6[5144:32771]: Negotiated ciphers: 
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
2006.12.06 15:58:25 LOG7[5139:16384]: hostname.ru.443 accepted FD=7 from 
127.0.0.1:32814
2006.12.06 15:58:25 LOG7[5145:49154]: hostname.ru.443 started
2006.12.06 15:58:25 LOG5[5145:49154]: hostname.ru.443 connected from 
127.0.0.1:32814
2006.12.06 15:58:25 LOG7[5145:49154]: hostname.ru.443 connecting 
65.181.62.138:443
2006.12.06 15:58:25 LOG7[5145:49154]: Remote FD=10 initialized
2006.12.06 15:58:25 LOG7[5145:49154]: Relying on OpenSSL RSA Blinding.
2006.12.06 15:58:25 LOG7[5145:49154]: SSL state (connect): 
before/connect initialization
2006.12.06 15:58:25 LOG7[5145:49154]: SSL state (connect): SSLv3 write 
client hello A
2006.12.06 15:58:25 LOG7[5145:49154]: SSL state (connect): SSLv3 read 
server hello A
2006.12.06 15:58:25 LOG7[5145:49154]: SSL state (connect): SSLv3 read 
finished A
2006.12.06 15:58:25 LOG7[5145:49154]: SSL state (connect): SSLv3 write 
change cipher spec A
2006.12.06 15:58:25 LOG7[5145:49154]: SSL state (connect): SSLv3 write 
finished A
2006.12.06 15:58:25 LOG7[5145:49154]: SSL state (connect): SSLv3 flush data
2006.12.06 15:58:25 LOG7[5145:49154]:    1 items in the session cache
2006.12.06 15:58:25 LOG7[5145:49154]:    3 client connects (SSL_connect())
2006.12.06 15:58:25 LOG7[5145:49154]:    3 client connects that finished
2006.12.06 15:58:25 LOG7[5145:49154]:    0 client renegotiatations requested
2006.12.06 15:58:25 LOG7[5145:49154]:    0 server connects (SSL_accept())
2006.12.06 15:58:25 LOG7[5145:49154]:    0 server connects that finished
2006.12.06 15:58:25 LOG7[5145:49154]:    0 server renegotiatiations 
requested
2006.12.06 15:58:25 LOG7[5145:49154]:    2 session cache hits
2006.12.06 15:58:25 LOG7[5145:49154]:    0 session cache misses
2006.12.06 15:58:25 LOG7[5145:49154]:    0 session cache timeouts
2006.12.06 15:58:25 LOG6[5145:49154]: Negotiated ciphers: 
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
2006.12.06 15:58:25 LOG7[5145:49154]: SSL alert (read): warning: close 
notify
2006.12.06 15:58:25 LOG7[5145:49154]: SSL closed on SSL_read
2006.12.06 15:58:25 LOG7[5145:49154]: SSL alert (write): warning: close 
notify
2006.12.06 15:58:25 LOG7[5145:49154]: SSL write shutdown (output buffer 
empty)
2006.12.06 15:58:25 LOG7[5145:49154]: Socket write shutdown (output 
buffer empty)
2006.12.06 15:58:25 LOG5[5145:49154]: Connection closed: 105 bytes sent 
to SSL, 42 bytes sent to socket
2006.12.06 15:58:25 LOG7[5145:49154]: hostname.ru.443 finished (1 left)
2006.12.06 15:58:29 LOG3[5139:16384]: Received signal 2; terminating
2006.12.06 15:58:29 LOG7[5139:16384]: removing pid file 
/var/run/stunnel.hostname.ru.443.pid

By the way, the certificate on the other end is self-signed and 
expired. Could this be the cause of the problem?

-- 
Best regards, Eugene Prokopiev
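
Added example, not part of the original message: a small Python parser for stunnel debug output shaped like the log above. It re-joins the mail-wrapped lines and reports, per worker, whether the server certificate was presented (full handshake) or the session was resumed, along with the negotiated cipher and the byte counts. The function names and the sample input are constructed for illustration.

```python
import re

# Constructed sample shaped like the log above, mail hard wraps included.
SAMPLE = """\
2006.12.06 15:58:06 LOG6[5139:16384]: PRNG seeded successfully
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 read
server certificate A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 read
finished A
2006.12.06 15:58:15 LOG6[5142:16386]: Negotiated ciphers:
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
2006.12.06 15:58:20 LOG5[5142:16386]: Connection closed: 1011 bytes sent
to SSL, 2411 bytes sent to socket
2006.12.06 15:58:20 LOG7[5144:32771]: SSL state (connect): SSLv3 read
finished A
"""

HEAD = re.compile(r"^\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG\d\[(\d+:\d+)\]: (.*)$")
CLOSED = re.compile(r"Connection closed: (\d+) bytes sent to SSL, (\d+) bytes sent to socket")

def unwrap(text):
    """Re-join wrapped lines; return [worker_id, message] per log record."""
    records = []
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            records.append([m.group(1), m.group(2).strip()])
        elif records and line.strip():  # no timestamp: continuation of previous record
            records[-1][1] += " " + line.strip()
    return records

def summarize(text):
    """Per worker: full vs resumed handshake, cipher, bytes relayed."""
    conns = {}
    for wid, msg in unwrap(text):
        if msg.startswith("SSL state (connect):"):
            conns.setdefault(wid, {"cert": False, "finished": False, "cipher": None, "bytes": None})
        c = conns.get(wid)
        if c is None:
            continue  # listener process or a record outside any TLS session
        c["cert"] |= msg.endswith("read server certificate A")
        c["finished"] |= msg.endswith("read finished A")
        if msg.startswith("Negotiated ciphers:"):
            c["cipher"] = msg.split()[2]
        closed = CLOSED.search(msg)
        if closed:
            c["bytes"] = (int(closed.group(1)), int(closed.group(2)))
    for c in conns.values():
        c["handshake"] = "incomplete" if not c["finished"] else "full" if c["cert"] else "resumed"
    return conns
```

Run over the complete log, `summarize` separates the one connection that received the server certificate from the later ones that reused the cached session, and shows which of them relayed application data before closing.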


