http - openssl s_client TLS connection through proxy with clientAuth -

-

i'd use openssl s_client open tls connection through proxy (squid) origin server using connect request method. using client certificate connect proxy server shown:

openssl s_client -connect my_proxy:4443 -cafile /etc/ssl/ca/ca.crt -cert /etc/ssl/cert/client.crt -key /etc/ssl/key/client_key.pem

after running above, connection information prints out fine , enter connect , methods, , works fine:

connect www.google.com:80 http/1.1 host: www.google.com

http/1.1 200 connection established

get /search?q=ip+address http/1.1 host: www.google.com

http/1.1 200 ok

however, able establish tls (https) connection haven't been able work:

connect www.google.com:443 http/1.1 host: www.google.com

http/1.1 200 connection established

get /search?q=ip+address http/1.1

closed

what doing wrong here? before try openssl 1.1.x has -proxy parameter, i've tried that. note ca cert, client cert , client key on above command connection proxy server, not target server (google.com), shown below openssl 1.1.0-pre3 (same output if try connect google:443).

openssl s_client -connect google.com:80 -proxy my_proxy:4443 -cafile /etc/ssl/ca/ca.crt -cert /etc/ssl/cert/client.crt -key /etc/ssl/key/client_key.pem

connected(00000003)

s_client: http connect failed

no peer certificate available

no client certificate ca names sent ssl handshake has read 0 bytes , written 25 bytes verification: ok

new, (none), cipher (none) secure renegotiation not supported compression: none expansion: none no alpn negotiated

i able load client cert, client key, , ca cert firefox (all bundled in pkcs12 file) , able connect various websites through tls. should possible on command line.

note ca cert, client cert , client key on above command connection proxy server, not -connect server."

i doubt that. according source -proxy used make tunnel through proxy, i.e.

  • makes tcp connect given proxy
  • sends connect request target -connect argument proxy
  • waits response of proxy tunnel got established
  • no certificates involved when creating tunnel, should be

this should possible on command line.

this possible -proxy option. version of s_client don't have option yet can not used alone establish connection through http proxy because necessary functionality not implemented. might try use s_client other tools provide necessary tunnel, socat or proxytunnel.


Comments

Post a Comment

Popular posts from this blog

java - Run spring boot application error: Cannot instantiate interface org.springframework.context.ApplicationListener -

-
i have spring project , try make use spring boot , run @ embadded tomcat following : https://spring.io/guides/gs/rest-service/ this application //@configuration //@enableaspectjautoproxy @springbootapplication @componentscan(basepackages = "gux.prome") public class application { public static void main(string[] args) { springapplication.run(application.class, args); } } if use maven command: mvn spring-boot:run , project starts fine, need debug , run main method @ intelij, exception occurs: exception in thread "main" java.lang.illegalargumentexception: cannot instantiate interface org.springframework.context.applicationlistener : org.springframework.boot.logging.classpathloggingapplicationlistener @ org.springframework.boot.springapplication.createspringfactoriesinstances(springapplication.java:414) @ org.springframework.boot.springapplication.getspringfactoriesinstances(springapplication.java:394) @ org.springframework.bo...
Read more

python - pip wont install .WHL files -

-
when try install .whl gohike typing cmd c:\users\owner\downloads>pip install ta_lib-0.4.9-cp27-none-win_amd64.whl i print out: `processing c:\users\owner\downloads\ta_lib-0.4.9-cp27-none-win_amd64.whl complete output command python setup.py egg_info: traceback <most recent call last>: file "<string>", line 1, in <module> ioerror: [errno 2] no such file or directory:'c:\\users\\owner\\appdata\\lo cal\\temp\\pip-9gwk2c-build\\setup.py' ----------------------------------------- command "python setup.py egg_info" failed error code 1 in c:\users\owner\ap pdata\local\temp\pip-9gwk2c-build\` the part between pip- , -build in pip-9gwk2c-build different on same file. i asked python 2.7.11 pip 8.0.3 can't install gohike whl of ta-lib 0.4.9 few days ago , decided ask differently. can me! you have outdated pip not understand wheels. wheels not supposed have setup.py inside. try upgrading pip pip in...
Read more

Excel VBA "Microsoft Windows Common Controls 6.0 (SP6)" Location Changes -

-
i have excel workbook used generate quotations customers. there main page user inputs data, , there buttons generate various pdfs , send them customer. however, 1 user consistently getting error preventing generating , sending pdfs. i beleive "microsoft windows common controls 6.0 (sp6)". it's installed on users' computers. on mine, location "c:\windows\syswow64\mscomctl.ocx" on others "c:\windows\system32\mscomctl.ocx" the user experiencing issues on 32-bit machine, "mscomctl.ocx" file should in system32. have manually put in there, , pointed common controls reference in vba it. issue seems keep reverting looking in syswow64. since folder doesn't exist, can't find it, , can't produce pdfs. i thought perhaps issue user running older version of office (2007) there users on 2013 , 2016. thought perhaps mixture of 64-bit , 32-bit users. user gets sent workbook other users (as quotation process goes further, gets passed ...
Read more