DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=29744>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=29744 ------- Additional Comments From [EMAIL PROTECTED] 2007-03-16 07:15 ------- Sorry for that late answer. What you described with the Unsupported HTTP version number message seems to be a bug from proxytunnel... I haven't had the time to investigate the -e option which is used to specify that proxytunnel must use SSL so I cannot comment on that. Basically, as it did not work for me I used an extra tool called stunnel that simply listen to a port locally and open an SSL session to a remotehost. You just send traffic in clear to the local port and stunnel makes the connection to the remote host:port with ssl and deals with the crypto. Now, if you want to connect through an HTTP proxy, you use proxytunnel.exe -p proxy:proxyport -d targethost:targetport -a anylocalport If you have to proxy other SSL, you must first launch stunnel with an entry like that in your stunnel.conf [ssh-tunnel] accept = porttolistento connect = ssltargethost:ssltargetport client = yes Then any combination is possible... in my case: proxytunnel-1 creates a tunnel to a remote host with apache-proxy-ssl proxytunnel-1 listent to port 443 (-a 443) here is the command line proxytunnel.exe -p proxy:proxyport -d apache-proxy-ssl-host:443 -a 443 then stunnel unwrap the ssl layer: here is the entry for ssl-tunnel.conf [ssh-tunnel] accept = 8080 connect = 127.0.0.1:443 client = yes then another proxytunnel creates the tunnel through apache-proxy: proxytunnel.exe -p localhost:8080 -d anywhere:anyport Of course, anywhere anyport must match your configuration on the apache-proxy- ssl-host, otherwise, you will be rejected. The second proxytunnel.exe is not necessary.. you can also configure your explorer to use localhost:8080 as a proxy instead... Well you get the idea: - proxytunnel just connect to an http host throug a proxy - stunnel manages the ssl traffic: it converts https into http for you if you prefer... now, based on your needs, you must embedd tunnels to jump from host to host and decrypt the traffic... the exact config depends on what you want to achieve. The nice thing is that you can now secure the apache-proxy module with ssl (including client authentication) and it opens some new opportunities to secure a network. hope it helps (In reply to comment #35) > Thanks for your comments (comment #34). I tried your version of > mod_proxy_connect.c, but it made no difference. It seems that the issue is in > proxytunnel: it appears to send plain HTTP headers, even over an HTTPS > connection. Hmmm. > Please could you describe your solution a little more fully - I've never played > with stunnel and don't understand the setup you've described. > Thanks! -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
