
List:       stunnel-users
Subject:    Re: [stunnel-users] Problem with a signed certificate by CA
From:       Gabriel Sosa <sosagabriel () gmail ! com>
Date:       2011-01-13 21:33:00
Message-ID: AANLkTi=goZiPTCQTkT5mvvamH0N+3KJy_=B+9kod-c_J () mail ! gmail ! com

Perfect! That did the trick!!!

Thank you for your time

Regards

On Thu, Jan 13, 2011 at 3:00 PM,  <josealf@rocketmail.com> wrote:
> Maybe your curl client is trying to negotiate SSLv2... Did you try adding --sslv3
> to the command line? OpenSSL FIPS disables SSLv2.
> 
> -----Original Message-----
> From: Gabriel Sosa <sosagabriel@gmail.com>
> Sender: stunnel-users-bounces@mirt.net
> Date: Thu, 13 Jan 2011 01:39:15
> To: <stunnel-users@mirt.net>
> Subject: [stunnel-users] Problem with a signed certificate by CA and
> curl/wget
> 
> Hello,
> 
> I bought an SSL certificate from Thawte and installed it in stunnel.
> 
> When I go to the site with any browser, the SSL connection is established
> without any issue; however, when I try to call a URL using curl or wget I'm
> not able to download the content.
> 
> Here is the output of curl/wget:
> 
> [root@www ~]$ curl https://secure.example.com/test.php
> curl: (35) Unknown SSL protocol error in connection to secure.example.com:443
> [root@www1 ~]$ wget https://secure.example.com/test.php
> --23:27:15--  https://secure.example.com/test.php
> Resolving secure.example.com... xxx.xxx.xxx.xxx
> Connecting to secure.example.com|xxx.xxx.xxx.xxx|:443... connected.
> Unable to establish SSL connection.
> [root@www ~]$
> 
> 
> My stunnel config file looks like this:
> 
> ;setuid=nobody
> ;setgid=nobody
> fips=no
> 
> pid=/var/run/stunnel.pid
> debug=3
> output=/var/log/stunnel.log
> cert=/etc/ssl/certs/stunnel.pem
> CAfile=/etc/ssl/certs/ssl123.crt
> 
> socket=l:TCP_NODELAY=1
> socket=r:TCP_NODELAY=1
> 
> 
> [secure.example.com]
> accept=xxx.xxx.xxx.xxx:443
> connect=zzz.zzz.zzz.zzz:8443
> TIMEOUTclose=0
> xforwardedfor=yes
> 
> I'm using version 4.34 + the xforwardedfor patch.
> 
> The file ssl123.crt contains the root CA of Thawte.
> 
> uname -a output
> 
> Linux secure.example.com 2.6.18-164.6.1.el5 #1 SMP Tue Nov 3 16:12:36
> EST 2009 x86_64 x86_64 x86_64 GNU/Linux
> 
> gcc -v output
> 
> Using built-in specs.
> Target: x86_64-redhat-linux
> Configured with: ../configure --prefix=/usr --mandir=/usr/share/man
> --infodir=/usr/share/info --enable-shared --enable-threads=posix
> --enable-checking=release --with-system-zlib --enable-__cxa_atexit
> --disable-libunwind-exceptions --enable-libgcj-multifile
> --enable-languages=c,c++,objc,obj-c++,java,fortran,ada
> --enable-java-awt=gtk --disable-dssi --enable-plugin
> --with-java-home=/usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/jre
> --with-cpu=generic --host=x86_64-redhat-linux
> Thread model: posix
> gcc version 4.1.2 20080704 (Red Hat 4.1.2-46)
> 
> openssl version
> 
> OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
> 
> 
> Does anyone have a clue about what could be causing the problem?
> Any help will be really appreciated.
> 
> Thank you
> 
> --
> Gabriel Sosa
> If you are looking for different results, don't always do the same thing. - Einstein
> _______________________________________________
> stunnel-users mailing list
> stunnel-users@mirt.net
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
> 



-- 
Gabriel Sosa
If you are looking for different results, don't always do the same thing. - Einstein