From: Eugene Prokopiev <prokopiev@stc.donpac.ru>
To: ALT Linux Community <community@lists.altlinux.org>
Subject: Re: [Comm] https debug in browsers
Date: Wed, 06 Dec 2006 16:07:17 +0300
Message-ID: <4576C085.5000507@stc.donpac.ru> (raw)
In-Reply-To: <45767615.10106@stc.donpac.ru>
>>1. HTTP+stunnel; вообще stunnel рекомендую всячески
>
>
> запустил, первая страничка отобразилась, но после попытки пройти
> form-based авторизацию все браузеры (Gecko и links) отваливаются со
> словами вроде SSL error
если быть точным, то Firefox заявляет: "The connection to localhost:8080
has terminated unexpectedly. Some data may have been transferred."
stunnel при этом говорит:
# stunnel -c -d 8080 -r hostname.ru:443 -D 7 -f
2006.12.06 15:58:06 LOG5[5139:16384]: Using 'hostname.ru.443' as
tcpwrapper service name
2006.12.06 15:58:06 LOG7[5139:16384]: Snagged 64 random bytes from
/root/.rnd
2006.12.06 15:58:06 LOG7[5139:16384]: Wrote 1024 new random bytes to
/root/.rnd
2006.12.06 15:58:06 LOG7[5139:16384]: RAND_status claims sufficient
entropy for the PRNG
2006.12.06 15:58:06 LOG6[5139:16384]: PRNG seeded successfully
2006.12.06 15:58:06 LOG5[5139:16384]: stunnel 3.26 on i586-alt-linux-gnu
PTHREAD+LIBWRAP with OpenSSL 0.9.7d 17 Mar 2004
2006.12.06 15:58:06 LOG7[5139:16384]: Created pid file
/var/run/stunnel.hostname.ru.443.pid
2006.12.06 15:58:06 LOG5[5139:16384]: FD_SETSIZE=1024, file ulimit=1024
-> 500 clients allowed
2006.12.06 15:58:06 LOG7[5139:16384]: SO_REUSEADDR option set on accept
socket
2006.12.06 15:58:06 LOG7[5139:16384]: hostname.ru.443 bound to 0.0.0.0:8080
2006.12.06 15:58:15 LOG7[5139:16384]: hostname.ru.443 accepted FD=7 from
127.0.0.1:32810
2006.12.06 15:58:15 LOG7[5142:16386]: hostname.ru.443 started
2006.12.06 15:58:15 LOG5[5142:16386]: hostname.ru.443 connected from
127.0.0.1:32810
2006.12.06 15:58:15 LOG7[5142:16386]: hostname.ru.443 connecting
65.181.62.138:443
2006.12.06 15:58:15 LOG7[5142:16386]: Remote FD=10 initialized
2006.12.06 15:58:15 LOG7[5142:16386]: Relying on OpenSSL RSA Blinding.
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect):
before/connect initialization
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 write
client hello A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 read
server hello A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 read
server certificate A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 read
server key exchange A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 read
server done A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 write
client key exchange A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 write
change cipher spec A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 write
finished A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 flush data
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 read
finished A
2006.12.06 15:58:15 LOG7[5142:16386]: 1 items in the session cache
2006.12.06 15:58:15 LOG7[5142:16386]: 1 client connects (SSL_connect())
2006.12.06 15:58:15 LOG7[5142:16386]: 1 client connects that finished
2006.12.06 15:58:15 LOG7[5142:16386]: 0 client renegotiatations requested
2006.12.06 15:58:15 LOG7[5142:16386]: 0 server connects (SSL_accept())
2006.12.06 15:58:15 LOG7[5142:16386]: 0 server connects that finished
2006.12.06 15:58:15 LOG7[5142:16386]: 0 server renegotiatiations
requested
2006.12.06 15:58:15 LOG7[5142:16386]: 0 session cache hits
2006.12.06 15:58:15 LOG7[5142:16386]: 0 session cache misses
2006.12.06 15:58:15 LOG7[5142:16386]: 0 session cache timeouts
2006.12.06 15:58:15 LOG6[5142:16386]: Negotiated ciphers:
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
2006.12.06 15:58:20 LOG7[5142:16386]: Socket closed on read
2006.12.06 15:58:20 LOG7[5142:16386]: SSL alert (write): warning: close
notify
2006.12.06 15:58:20 LOG7[5142:16386]: SSL write shutdown (output buffer
empty)
2006.12.06 15:58:20 LOG7[5139:16384]: hostname.ru.443 accepted FD=11
from 127.0.0.1:32812
2006.12.06 15:58:20 LOG7[5144:32771]: hostname.ru.443 started
2006.12.06 15:58:20 LOG5[5144:32771]: hostname.ru.443 connected from
127.0.0.1:32812
2006.12.06 15:58:20 LOG7[5144:32771]: hostname.ru.443 connecting
65.181.62.138:443
2006.12.06 15:58:20 LOG7[5142:16386]: SSL alert (read): warning: close
notify
2006.12.06 15:58:20 LOG7[5142:16386]: SSL closed on SSL_read
2006.12.06 15:58:20 LOG7[5142:16386]: Socket write shutdown (output
buffer empty)
2006.12.06 15:58:20 LOG5[5142:16386]: Connection closed: 1011 bytes sent
to SSL, 2411 bytes sent to socket
2006.12.06 15:58:20 LOG7[5142:16386]: hostname.ru.443 finished (0 left)
2006.12.06 15:58:20 LOG7[5144:32771]: Remote FD=12 initialized
2006.12.06 15:58:20 LOG7[5144:32771]: Relying on OpenSSL RSA Blinding.
2006.12.06 15:58:20 LOG7[5144:32771]: SSL state (connect):
before/connect initialization
2006.12.06 15:58:20 LOG7[5144:32771]: SSL state (connect): SSLv3 write
client hello A
2006.12.06 15:58:20 LOG7[5144:32771]: SSL state (connect): SSLv3 read
server hello A
2006.12.06 15:58:20 LOG7[5144:32771]: SSL state (connect): SSLv3 read
finished A
2006.12.06 15:58:20 LOG7[5144:32771]: SSL state (connect): SSLv3 write
change cipher spec A
2006.12.06 15:58:20 LOG7[5144:32771]: SSL state (connect): SSLv3 write
finished A
2006.12.06 15:58:20 LOG7[5144:32771]: SSL state (connect): SSLv3 flush data
2006.12.06 15:58:20 LOG7[5144:32771]: 1 items in the session cache
2006.12.06 15:58:20 LOG7[5144:32771]: 2 client connects (SSL_connect())
2006.12.06 15:58:20 LOG7[5144:32771]: 2 client connects that finished
2006.12.06 15:58:20 LOG7[5144:32771]: 0 client renegotiatations requested
2006.12.06 15:58:20 LOG7[5144:32771]: 0 server connects (SSL_accept())
2006.12.06 15:58:20 LOG7[5144:32771]: 0 server connects that finished
2006.12.06 15:58:20 LOG7[5144:32771]: 0 server renegotiatiations
requested
2006.12.06 15:58:20 LOG7[5144:32771]: 1 session cache hits
2006.12.06 15:58:20 LOG7[5144:32771]: 0 session cache misses
2006.12.06 15:58:20 LOG7[5144:32771]: 0 session cache timeouts
2006.12.06 15:58:20 LOG6[5144:32771]: Negotiated ciphers:
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
2006.12.06 15:58:25 LOG7[5139:16384]: hostname.ru.443 accepted FD=7 from
127.0.0.1:32814
2006.12.06 15:58:25 LOG7[5145:49154]: hostname.ru.443 started
2006.12.06 15:58:25 LOG5[5145:49154]: hostname.ru.443 connected from
127.0.0.1:32814
2006.12.06 15:58:25 LOG7[5145:49154]: hostname.ru.443 connecting
65.181.62.138:443
2006.12.06 15:58:25 LOG7[5145:49154]: Remote FD=10 initialized
2006.12.06 15:58:25 LOG7[5145:49154]: Relying on OpenSSL RSA Blinding.
2006.12.06 15:58:25 LOG7[5145:49154]: SSL state (connect):
before/connect initialization
2006.12.06 15:58:25 LOG7[5145:49154]: SSL state (connect): SSLv3 write
client hello A
2006.12.06 15:58:25 LOG7[5145:49154]: SSL state (connect): SSLv3 read
server hello A
2006.12.06 15:58:25 LOG7[5145:49154]: SSL state (connect): SSLv3 read
finished A
2006.12.06 15:58:25 LOG7[5145:49154]: SSL state (connect): SSLv3 write
change cipher spec A
2006.12.06 15:58:25 LOG7[5145:49154]: SSL state (connect): SSLv3 write
finished A
2006.12.06 15:58:25 LOG7[5145:49154]: SSL state (connect): SSLv3 flush data
2006.12.06 15:58:25 LOG7[5145:49154]: 1 items in the session cache
2006.12.06 15:58:25 LOG7[5145:49154]: 3 client connects (SSL_connect())
2006.12.06 15:58:25 LOG7[5145:49154]: 3 client connects that finished
2006.12.06 15:58:25 LOG7[5145:49154]: 0 client renegotiatations requested
2006.12.06 15:58:25 LOG7[5145:49154]: 0 server connects (SSL_accept())
2006.12.06 15:58:25 LOG7[5145:49154]: 0 server connects that finished
2006.12.06 15:58:25 LOG7[5145:49154]: 0 server renegotiatiations
requested
2006.12.06 15:58:25 LOG7[5145:49154]: 2 session cache hits
2006.12.06 15:58:25 LOG7[5145:49154]: 0 session cache misses
2006.12.06 15:58:25 LOG7[5145:49154]: 0 session cache timeouts
2006.12.06 15:58:25 LOG6[5145:49154]: Negotiated ciphers:
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
2006.12.06 15:58:25 LOG7[5145:49154]: SSL alert (read): warning: close
notify
2006.12.06 15:58:25 LOG7[5145:49154]: SSL closed on SSL_read
2006.12.06 15:58:25 LOG7[5145:49154]: SSL alert (write): warning: close
notify
2006.12.06 15:58:25 LOG7[5145:49154]: SSL write shutdown (output buffer
empty)
2006.12.06 15:58:25 LOG7[5145:49154]: Socket write shutdown (output
buffer empty)
2006.12.06 15:58:25 LOG5[5145:49154]: Connection closed: 105 bytes sent
to SSL, 42 bytes sent to socket
2006.12.06 15:58:25 LOG7[5145:49154]: hostname.ru.443 finished (1 left)
2006.12.06 15:58:29 LOG3[5139:16384]: Received signal 2; terminating
2006.12.06 15:58:29 LOG7[5139:16384]: removing pid file
/var/run/stunnel.hostname.ru.443.pid
Кстати, сертификат на том конце самоподписанный и с истекшим сроком
годности. Может ли это быть причиной проблемы?
--
С уважением, Прокопьев Евгений
next prev parent reply other threads:[~2006-12-06 13:07 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-11-28 19:11 Eugene Prokopiev
2006-11-29 7:59 ` Чернов Евгений
2006-12-06 7:52 ` Eugene Prokopiev
2006-12-03 8:35 ` Fr. Br. George
2006-12-06 7:49 ` Eugene Prokopiev
2006-12-06 13:07 ` Eugene Prokopiev [this message]
2006-12-03 9:22 ` Peter Volkov
2006-12-06 7:47 ` Eugene Prokopiev
2006-12-06 8:36 ` Maxim Ivanov
2006-12-06 10:11 ` Eugene Prokopiev
2006-12-06 11:52 ` Maxim Ivanov
2006-12-07 5:27 ` Eugene Prokopiev
2006-12-07 6:34 ` Maxim Ivanov
2006-12-07 10:14 ` Eugene Prokopiev
2006-12-06 14:00 ` Fr. Br. George
2006-12-07 5:47 ` Eugene Prokopiev
2006-12-14 13:59 ` Alexander Borovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4576C085.5000507@stc.donpac.ru \
--to=prokopiev@stc.donpac.ru \
--cc=community@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Community general discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
public-inbox-index community
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.community
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git