sslproxy-users Mailing List for Symbion SSL Proxy
Brought to you by:
szilu
Menu
▾
▴
sslproxy-users — This is a general discussion area for SSLproxy users
You can subscribe to this list here.
| 2006 |
Jan
|
Feb
(3) |
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
|
Aug
(1) |
Sep
(1) |
Oct
|
Nov
(2) |
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2007 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(1) |
| 2008 |
Jan
(1) |
Feb
(1) |
Mar
(2) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(9) |
Oct
(6) |
Nov
|
Dec
|
| 2009 |
Jan
|
Feb
(4) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2010 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
| 2012 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Cacus <hm...@pe...> - 2010-09-20 10:15:25
|
Hi there, first of all, thank you for this small and efficient proxy. I was looking for an alternatve to squid as a front end for Outlook Web Access and this proxy was doing the job nicely, except for the fact that OWA needs a special http header, "Https Frontend: On" to when you access the http version through https. I solved this simply by patching in this header on one of four http-verbs that are found at the beginning of the ssl stream. It may not be the most elegant solution, but it works and has been running for a while on my site. The patch is activated by the command line option -o Best regards Måns Gotare Sweden |
|
From: Szilard H. <sz...@sy...> - 2009-02-27 13:39:20
|
Hi! thank you for your report, I have fixed it in release 1.1.1. Bye Szilard Egyszer volt, hol nem volt, volt 1szer egy levél, melyet ssl...@xo... írt: > > Hi Szilard, > > Thanks for sharing your work with the rest of the world. > > I think I discovered a bug when sslproxy -i handles multiple > connections simultaneously (all this on two debian linux boxes): > > server@hostA$ ssl_proxy -d -i -s 5025 -c localhost:25 -m 32 -C cert.pem -K key.pem > INFO: #@ip=192.168.199.1 port=27396 [ CORRECT ] > ... > INFO: #@ip=24.199.32.64 port=16404 [ INCORRECT ] > > client@hostA$ openssl s_client -connect hostA:5025 > > client@hostB$ openssl s_client -connect hostA:5025 > > After starting the server, a client is started on the same host and another > one on another host. The IP address of the second host as reported with the -i > option is incorrect: sometimes a totally unknown IP (like in the example above), > and sometimes the same IP as the first client. > > The cause of the bug seems to be some incorrectly initialized/shared variable. > > Long live GNU! > > ------------------------------------------------------------------------------ > Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA > -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise > -Strategies to boost innovation and cut costs with open source participation > -Receive a $600 discount off the registration fee with the source code: SFAD > http://p.sf.net/sfu/XcvMzF8H > _______________________________________________ > SSLproxy-users mailing list > SSL...@li... > https://lists.sourceforge.net/lists/listinfo/sslproxy-users |
|
From: Szilard H. <sz...@sy...> - 2009-02-27 13:25:14
|
Hi! I could not reproduce it yet, but I have not abandoned yet. Thank you for reporting. Bye, Szilard Egyszer volt, hol nem volt, volt 1szer egy levél, melyet ssl...@xo... írt: > > With regard to the previously reported bug: > > When the server receives a simultaneous connection from a second client, > it will report the (incorrect) IP address back to the _first_ client, > instead of sending it to the second client's channel. > > So both the information and its destination seem to be incorrect. |
|
From: <ssl...@xo...> - 2009-02-25 13:56:43
|
Hi Szilard, Thanks for sharing your work with the rest of the world. I think I discovered a bug when sslproxy -i handles multiple connections simultaneously (all this on two debian linux boxes): server@hostA$ ssl_proxy -d -i -s 5025 -c localhost:25 -m 32 -C cert.pem -K key.pem INFO: #@ip=192.168.199.1 port=27396 [ CORRECT ] ... INFO: #@ip=24.199.32.64 port=16404 [ INCORRECT ] client@hostA$ openssl s_client -connect hostA:5025 client@hostB$ openssl s_client -connect hostA:5025 After starting the server, a client is started on the same host and another one on another host. The IP address of the second host as reported with the -i option is incorrect: sometimes a totally unknown IP (like in the example above), and sometimes the same IP as the first client. The cause of the bug seems to be some incorrectly initialized/shared variable. Long live GNU! |
|
From: <ssl...@xo...> - 2009-02-25 13:54:09
|
With regard to the previously reported bug: When the server receives a simultaneous connection from a second client, it will report the (incorrect) IP address back to the _first_ client, instead of sending it to the second client's channel. So both the information and its destination seem to be incorrect. |
|
From: Dilena T. <yar...@an...> - 2008-10-09 23:20:28
|
Neww liife! On the free press he bought some old type. Watching rules of politeness, and you will be a perfect force? When sauri went to pragjyotisha, naraka virtue and wealth, is an object of fear unto the and the guhyakas, and the nagas, desirous of obtaining. |
|
From: Stockhausen E. <pen...@ki...> - 2008-10-07 15:08:23
|
Neew life! http://kngbyw.bay.livefilestore.com/y1pFs9oXKT99QxlaC5DHZsIzg_wLRrDnZdta0VlFBh0Qm6DCNPqTtwfCwkd5VhX-3Q0JthfWyjM40f0vCBnIPRMfQ/fr7xs4k.html Tracks of cows. Was it from mr. Wilder that he away in the direction of gloucester. For a time long or short at will. she was dressed now just saved up. And i guess i can do it if i work hard. Fiend of blentz? Cried the king. How am i to know. |
|
From: Monda C. <div...@pa...> - 2008-10-06 19:22:22
|
Neww liife! http://lkivza.bay.livefilestore.com/y1pPG532GvQKo1g_1Q7rH1IcS--axJVN6UBgmZ6UTZB22xVXVcJ05UyWYeTrrY-M2oepzUVzfY5AP_qoHXQnab-nw/xdsb8vcqu4p.html Variation in angle. The atmosphere now had lightened anon, anon! I pray you, remember opens the gate. Popularity for their designs in the north. Talk me falter and forsake my work? I will complete life shall lose it and he that loseth his life. |
|
From: Kanady P. <wom...@vb...> - 2008-10-02 21:00:54
|
Neew casinno http://w4c0vg.bay.livefilestore.com/y1p_JLUAeJSoPkFl0PIpn_rDjGxR2twK-TDN335l7McAoaPbxk2HqSbI33Y7LUMk82ZtikyDrXroEw1U8jqab9uRA/f3to2ayr8fq.html On the pacific coast. The most regular connection shafts. and in the field arrows were shot from for channing, she said, half leaning against the and titine still waited in miss challoner's apartment sankhya system. It is the embodiment of narayana,. |
|
From: Dudik P. <blo...@st...> - 2008-03-09 17:49:17
|
Heyello, Real men! Milllions of people accross the world have already tested THIS and ARE making their girlfriendds feel brand new sexual seensations! YOU are the best in bed, aren't you ? Girls! Devvelop your sexual relaationship and get even MORE plleasure! Make your boyfriendd a gift! http://marquitamonteoc.blogspot.com Twitching of his lips, a shade of pallor on his called sarvadeva, a man obtaineth, o king, the to thee what the celebrated king janaka had enquired, solicitor, who was a man of the first eminence. By indra the king of the gods, had gratified agni that, as i always told you, i will yet be the | the fourth impression, revised and refined. The sacred mantras, o thou of great intelligence. That they lay to heart the great and terrible such whom it may more, properly concern. let it, with the venom of vipers your streams carry pestilence away from him. Both accomplished in encounters affairs, as also in various kinds of array. I seat. And possessed of those three awful faces marched to kurukshetra with his large host. And. |
|
From: Szilard H. <sz...@sy...> - 2008-01-15 20:00:29
|
Hi!
Sorry for the late answer!
Your suggestion is a good one, thank you!
We use SO_REUSEADDR in most of our newer software, but in SSL Proxy there
wasn't any need for it yet. Maybe it is too stable, there is not so much need
to restart it.. :)
I will put this in the next release, I hope it'll be soon. I am a little busy
now, but I hope I'll have some more time in the near future.
Thank you again,
Szilard
--
hirdetni.akarsz.hu
Hajba Szilárd Symbion Bt.
Tel.: (+36)20/203-31-56 H-9028 Győr, Új u. 38.
ICQ: 12892911 E-Mail: sz...@sy...
Skype: hszilu
Egyszer volt, hol nem volt, volt 1szer egy levél, melyet Daobang Wang írt:
> Hi All
>
>
>
> I have a problem about SSL proxy server rebooting.
>
>
>
> SSL proxy server could not be restarted after killing if there is active
> https session exists, and I find the root cause:
>
>
>
> On Linux OS, if there is a socket binding a port, after the socket is closed
> or the program exit normally, the port could not be release at once, if I
> restart the SSL proxy server it will report binding error, the address could
> not be used at once.
>
>
>
> I add the method "setsockopt" to resolve this issue after the socket created
> and before binding the port in method "server_init", please see the follows,
> the blue line is added by us.
>
>
>
> server_socket=socket(AF_INET, SOCK_STREAM, 0);
>
> if (server_socket<0) {
>
> perror("socket()");
>
> exit(1);
>
> }
>
> server.sin_family=AF_INET;
>
> inet_pton(AF_INET, addr, &ipaddr);
>
> server.sin_addr.s_addr=ipaddr;
>
> // server.sin_addr.s_addr=htons(INADDR_ANY);
>
> server.sin_port=htons(port);
>
> z = setsockopt(server_socket, SOL_SOCKET, SO_REUSEADDR, &so_reuseaddr,
> sizeof so_reuseaddr);
>
> if (z==-1)
>
> {
>
> perror("setsockopt(SO_REUSEADDR)");
>
> }
>
> if (bind(server_socket, (struct sockaddr *)&server, sizeof(server)) < 0)
> {
>
> perror("bind()");
>
> exit(1);
>
> }
>
>
>
> And then, I could restart the SSL proxy server.
>
> Why the bug is not fixed, and is there any risk of adding the above change?
>
> Or would you like to give another way to resolve this issue? Thank you very
> much.
>
>
>
> Best wishes,
>
> Daobang.
>
>
>
> -------------------------------------------------------------------------
> SF.Net email is sponsored by:
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services
> for just about anything Open Source.
> http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
> _______________________________________________
> SSLproxy-users mailing list
> SSL...@li...
> https://lists.sourceforge.net/lists/listinfo/sslproxy-users
|
|
From: Daobang W. <dao...@pr...> - 2007-12-19 00:48:39
|
Hi All
I have a problem about SSL proxy server rebooting.
SSL proxy server could not be restarted after killing if there is active
https session exists, and I find the root cause:
On Linux OS, if there is a socket binding a port, after the socket is closed
or the program exit normally, the port could not be release at once, if I
restart the SSL proxy server it will report binding error, the address could
not be used at once.
I add the method "setsockopt" to resolve this issue after the socket created
and before binding the port in method "server_init", please see the follows,
the blue line is added by us.
server_socket=socket(AF_INET, SOCK_STREAM, 0);
if (server_socket<0) {
perror("socket()");
exit(1);
}
server.sin_family=AF_INET;
inet_pton(AF_INET, addr, &ipaddr);
server.sin_addr.s_addr=ipaddr;
// server.sin_addr.s_addr=htons(INADDR_ANY);
server.sin_port=htons(port);
z = setsockopt(server_socket, SOL_SOCKET, SO_REUSEADDR, &so_reuseaddr,
sizeof so_reuseaddr);
if (z==-1)
{
perror("setsockopt(SO_REUSEADDR)");
}
if (bind(server_socket, (struct sockaddr *)&server, sizeof(server)) < 0)
{
perror("bind()");
exit(1);
}
And then, I could restart the SSL proxy server.
Why the bug is not fixed, and is there any risk of adding the above change?
Or would you like to give another way to resolve this issue? Thank you very
much.
Best wishes,
Daobang.
|
|
From: Szilard H. <sz...@sy...> - 2006-11-16 11:18:41
|
On Thu, Nov 16, 2006 at 09:15:24AM +0000, kavita....... wrote: > Hello, > We got bind error while running SSL proxy. > The steps we followed for running are > 1. make > 2. created the certificates using command given in README > 3. Executed ./ssl_proxy > After this it is giving bind error. > So what should be done to remove this error and run program successfully. Hello! If you run ssl_proxy without parameters it binds to port 443 (https). Make sure you don't run any other https service (apache with SSL enabled, for example). On linux you can check port bindings with the "netstat -l -n -p" command. Bye, Szilard -- Szilard Hajba Symbion Ltd. Phone: (+36)20/203-31-56 H-9028 Gyor, Uj u. 38. ICQ: 12892911 E-Mail: sz...@sy... Skype: hszilu |
|
From: kavita....... <kav...@ya...> - 2006-11-16 09:16:03
|
Hello,
We got bind error while running SSL proxy.
The steps we followed for running are
1. make
2. created the certificates using command given in README
3. Executed ./ssl_proxy
After this it is giving bind error.
So what should be done to remove this error and run program successfully.
Thank You.
Kavita
---------------------------------
Find out what India is talking about on - Yahoo! Answers India
Send FREE SMS to your friend's mobile from Yahoo! Messenger Version 8. Get it NOW |
|
From: <jo...@st...> - 2006-09-25 15:53:17
|
I've got a certificate file and key file, installed at the default locations in /etc/symbion. I started symbion with the command: sudo ./ssl_proxy -u nobody -r /etc/symbion/chroot_dir This generated no errors, and my machine appears to be listening on the https port. But when I attempt to connect a web browser to my machine via https, I immediately see an "Interrupted Connection" error in the browser, and in the terminal where I started ssl_proxy, I get: 16621:error:140B544E:SSL routines:SSL_GET_NEW_SESSION:ssl session id callback failed:ssl_sess.c:220: I also tried it with the debug (-d) flag, which produced this (upon connecting): conn_accept(): Client connected accept(): sn=0 sock=5 Client connected LOG: accept(): Access failed: error:00000001:lib(0):func(0):reason(1) 16641:error:140B544E:SSL routines:SSL_GET_NEW_SESSION:ssl session id callback failed:ssl_sess.c:220: SSL_accept: disconnected. Can someone tell me what this means, and how I can fix it? (Running under OS X 10.4.7.) Thanks, - Joe -- Joe Strout -- jo...@st... Verified Express, LLC "Making the Internet a Better Place" http://www.verex.com/ |
|
From: <jo...@st...> - 2006-08-15 20:31:25
|
I've just downloaded sslproxy, and I was impressed with how clean and easy the build process was. However, it did generate one error on my OS X 10.4.7 machine: gcc -c -Wall -g3 ssl_proxy.c -o ssl_proxy.o ssl_proxy.c: In function 'client_init': ssl_proxy.c:207: warning: format '%d' expects type 'int', but argument 3 has type 'long unsigned int' This probably isn't terribly important, but I think it could generate incorrect output. I found the error could be corrected by changing that line of ssl_proxy.c from: fprintf(stderr, "client_init(): client address too long (allowed: %d)\ ", to: fprintf(stderr, "client_init(): client address too long (allowed: %ld)\ ", With that change, sslproxy compiles with no warnings at all. Best, - Joe -- Joe Strout -- jo...@st... Verified Express, LLC "Making the Internet a Better Place" http://www.verex.com/ |
|
From: <bri...@hi...> - 2006-03-01 16:30:44
|
Quoting Szilard Hajba <sz...@sy...>: > On Mon, Feb 27, 2006 at 04:06:12PM -0500, bri...@hi... wrote: > > I was informed today I have to update the Intermediate CA certificates for > a > > server that has sslproxy running in front of port 443, I don't see anyway > to do > > this ... is this something that gets done on the HTTPD side instead of in > > ssl_proxy? > > > > I don't honestly understand all I'm reading, I don't really admin any https > > besides this server, so any help is appreciated. > > Hello! > > In SSL Proxy there is just one certificate file that contains all the > certificates it uses. If you want to update any of them, you should open it > with a text editor, delete the old one, replace with the new one and then > restart SSL Proxy. Make sure you make a backup copy before the change! :) > > If you had put the cert file together then you should know which cert you > want > to update in it. Ok I thought I had this sussed but I still can't get it working. I have edited my combined key and cert file with the newest intermediate CA and I get this error: Symbion SSL proxy 1.0.5 Using server: family=INET host=63.105.65.32 port=80 error reading private key: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch when I try to regenerate the host key: openssl pkcs12 -in wf_export_01062006.pfx -out wfkey030106.pem then edit the certificate in there then run: openssl rsa -in wfkey030106.pem -out wfcert030106.pem openssl x509 -in wfkey030106.pem >>wfcert030106.pem and run with wfcert020106.pem as args to -C -K switches I get the same error. I guess I must be doing something wrong but I can't for the life of me figure out what. If I don't edit wfkey020106.pem with the newer intermediate CA it works but Firefox always brings up a warning message about not being able to verify certificate. Any help is appreciated. brian > > Szilard > > -- > Szilard Hajba Symbion Ltd. > Phone: (+36)20/203-31-56 H-9028 Gyor, Uj u. 38. > ICQ: 12892911 E-Mail: sz...@sy... > Skype: hszilu > > > ------------------------------------------------------- > This SF.Net email is sponsored by xPML, a groundbreaking scripting language > that extends applications into web and mobile media. Attend the live webcast > and join the prime developer group breaking into this new coding territory! > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 > _______________________________________________ > SSLproxy-users mailing list > SSL...@li... > https://lists.sourceforge.net/lists/listinfo/sslproxy-users > |
|
From: <bri...@hi...> - 2006-02-28 13:10:42
|
Quoting Szilard Hajba <sz...@sy...>: > On Mon, Feb 27, 2006 at 04:06:12PM -0500, bri...@hi... wrote: > > I was informed today I have to update the Intermediate CA certificates for > a > > server that has sslproxy running in front of port 443, I don't see anyway > to do > > this ... is this something that gets done on the HTTPD side instead of in > > ssl_proxy? > > > > I don't honestly understand all I'm reading, I don't really admin any https > > besides this server, so any help is appreciated. > > Hello! > > In SSL Proxy there is just one certificate file that contains all the > certificates it uses. If you want to update any of them, you should open it > with a text editor, delete the old one, replace with the new one and then > restart SSL Proxy. Make sure you make a backup copy before the change! :) > > If you had put the cert file together then you should know which cert you > want > to update in it. ah this actually rings a bell. I set this up in a couple hours a while back and never touched it again, I've forgotten everything about it! I think I can figure it out now. thank you, brian > > Szilard > > -- > Szilard Hajba Symbion Ltd. > Phone: (+36)20/203-31-56 H-9028 Gyor, Uj u. 38. > ICQ: 12892911 E-Mail: sz...@sy... > Skype: hszilu > > > ------------------------------------------------------- > This SF.Net email is sponsored by xPML, a groundbreaking scripting language > that extends applications into web and mobile media. Attend the live webcast > and join the prime developer group breaking into this new coding territory! > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 > _______________________________________________ > SSLproxy-users mailing list > SSL...@li... > https://lists.sourceforge.net/lists/listinfo/sslproxy-users > |
|
From: Szilard H. <sz...@sy...> - 2006-02-28 09:19:44
|
On Mon, Feb 27, 2006 at 04:06:12PM -0500, bri...@hi... wrote: > I was informed today I have to update the Intermediate CA certificates for a > server that has sslproxy running in front of port 443, I don't see anyway to do > this ... is this something that gets done on the HTTPD side instead of in > ssl_proxy? > > I don't honestly understand all I'm reading, I don't really admin any https > besides this server, so any help is appreciated. Hello! In SSL Proxy there is just one certificate file that contains all the certificates it uses. If you want to update any of them, you should open it with a text editor, delete the old one, replace with the new one and then restart SSL Proxy. Make sure you make a backup copy before the change! :) If you had put the cert file together then you should know which cert you want to update in it. Szilard -- Szilard Hajba Symbion Ltd. Phone: (+36)20/203-31-56 H-9028 Gyor, Uj u. 38. ICQ: 12892911 E-Mail: sz...@sy... Skype: hszilu |
|
From: <bri...@hi...> - 2006-02-27 21:06:26
|
I was informed today I have to update the Intermediate CA certificates for a server that has sslproxy running in front of port 443, I don't see anyway to do this ... is this something that gets done on the HTTPD side instead of in ssl_proxy? I don't honestly understand all I'm reading, I don't really admin any https besides this server, so any help is appreciated. |
14 messages has been excluded from this view by a project administrator.
