I think you have the names backward. dante.xxx.com is the proxy server
and summer.xxx.com is the web server. From the other side of the
firewall, I can access summer.xxx.com with no problem. Using curl, I
can access summer.xxx.com via the proxy. Because it works with both
curl and a Netscape browser, I know that the firewall/proxy and web
server are set up correctly.
This is the curl command line:
curl -v -u user:passwd -x dante.xxx.com:80 https://summer.xxx.com/
This is the output when the -v (verbose) flag is included:
> CONNECT summer.xxx.com:443 HTTP/1.0
User-Agent: curl/7.2 (hppa2.0-hp-hpux10.20) libcurl 7.2.1 (SSL 0.9.5)
< HTTP/1.0 200 OK
<
* Proxy has replied to CONNECT request
* SSL connection using EXP-RC4-MD5
* Server certificate:
* subject: /C=US/CN=summer.xxx.com
* issuer: /C=US/ST=NY/L=Brooklyn/O=xxx.com/OU=infosec/CN=Certificate Manager
* Connected to dante.xxx.com (162.69.80.100)
> GET / HTTP/1.0
Authorization: Basic ZW10YWRtaW46ZW10YWRtaW4x
User-Agent: curl/7.2 (hppa2.0-hp-hpux10.20) libcurl 7.2.1 (SSL 0.9.5)
Host: summer.xxx.com:443
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
<HTML page follows>
One difference to note: curl does not use a protocol "scheme" to
access the proxy. Using LWP, if I specify the proxy without the
leading http:// or https://, it gives the error message "unknown
scheme dante.xxx.com". Perhaps this protocol scheme is confusing
the proxy.
- Fred Noz
"WORENKLEIN, David, GCM" wrote:
>
> It looks like OpenSSL couldn't negotiate with dante.xxx.com. The proxy
> server is probably a red herring.
> Is there any way you can connect to dante.xxx.com, other than through the
> proxy server?
>
> > -----Original Message-----
> > From: Fred Noz [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, September 08, 2000 8:41 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: SSL through proxy
> >
> >
> > I am unable to GET a page from an HTTPS server via a proxy.
> > I applied Chris Hiner's patch to libwww-perl-5.48 and specified
> > https for the proxy as in:
> > $browser->proxy('http' => 'http://dante.xxx.com:80');
> > $browser->proxy('https' => 'https://dante.xxx.com:80');
> > The proxy is Gauntlet (TIS).
> >
> > The trace of LWP shows an SSL negotiation failure after hanging a
> > minute after showing "Transmogrifying our socket". This is the trace:
> > LWP::UserAgent::new: ()
> > Using proxy http://dante.xxx.com:80
> > LWP::UserAgent::proxy: http http://dante.xxx.com:80
> > LWP::UserAgent::proxy: https https://dante.xxx.com:80
> > LWP::UserAgent::request: ()
> > LWP::UserAgent::simple_request: GET https://summer.xxx.com/
> > LWP::UserAgent::_need_proxy: Proxied to https://dante.xxx.com:80
> > LWP::Protocol::https::request: ()
> > LWP::Protocol::https::request: Trying to CONNECT through the proxy server
> > LWP::Protocol::http::request: ()
> > LWP::Protocol::http::request: CONNECT summer.xxx.com:443 HTTP/1.0
> >
> > LWP::Protocol::http::request: reading response
> > LWP::Protocol::http::request: HTTP/1.0 200 OK
> >
> > LWP::Protocol::http::request: HTTP/1.0 200 OK
> > LWP::Protocol::https::request: Transmogrifying our socket
> > LWP::Protocol::https::request: SSL error:0
> > Net::SSL: SSL negotiation failed at /usr/lib/perl5/site_perl/5.005/LWP/Protocol/https.pm line 116
> > LWP::UserAgent::request: Simple response: Internal Server Error
> > <HTML>
> > <HEAD><TITLE>An Error Occurred</TITLE></HEAD>
> > <BODY>
> > <H1>An Error Occurred</h1>
> > 500 SSL negotiation failed.
> > </BODY>
> > </HTML>
> >
> > Line 116 in https.pm is:
> > $socket->_error("SSL negotiation failed");
> >
> > The perl modules I am using are:
> > Crypt-SSLeay-0.17
> > Digest-MD5-2.11
> > HTML-Parser-3.11
> > HTML-Tagset-3.02
> > MIME-Base64-2.11
> > URI-1.09
> > libnet-1.0703
> > libwww-perl-5.48
> > openssl-0.9.5a
> > perl 5.5.3 on Red Hat Linux 6.2.
> >
> > Any help is appreciated.
> >
> > - Fred Noz
> > New York City, USA
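
Both traces in this thread show the same two stages: a cleartext CONNECT answered with "200 OK", then the SSL handshake inside the tunnel. The sketch below is an added example, not code from the thread or from LWP or curl; it isolates the first stage so a failure can be attributed to the proxy or to the SSL step. The loopback stub proxy and the names stub_proxy, open_tunnel and demo are constructed for illustration.

```python
import socket
import threading

def stub_proxy(listener):
    """Constructed stand-in for the proxy: accept one client, answer CONNECT."""
    conn, _ = listener.accept()
    with conn:
        request = b""
        while b"\r\n\r\n" not in request:
            chunk = conn.recv(4096)
            if not chunk:
                return
            request += chunk
        verb = request.split(b" ", 1)[0]
        status = b"200 OK" if verb == b"CONNECT" else b"400 Bad Request"
        conn.sendall(b"HTTP/1.0 " + status + b"\r\n\r\n")

def open_tunnel(proxy_addr, target_host, target_port, timeout=5.0):
    """Send CONNECT in cleartext and return (status_code, socket).

    Only a 200 means the socket is ready for the TLS handshake with the
    target; any other code places the failure at the proxy stage.
    """
    sock = socket.create_connection(proxy_addr, timeout=timeout)
    line = f"CONNECT {target_host}:{target_port} HTTP/1.0\r\n\r\n"
    sock.sendall(line.encode("ascii"))
    reply = b""
    while b"\r\n\r\n" not in reply:
        chunk = sock.recv(4096)
        if not chunk:
            break
        reply += chunk
    parts = reply.split(b"\r\n", 1)[0].decode("ascii", "replace").split(" ", 2)
    code = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    return code, sock

def demo():
    """Run the CONNECT stage against the constructed loopback stub."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # ephemeral port, nothing leaves the host
    listener.listen(1)
    worker = threading.Thread(target=stub_proxy, args=(listener,), daemon=True)
    worker.start()
    code, sock = open_tunnel(listener.getsockname(), "summer.xxx.com", 443)
    sock.close()
    worker.join(timeout=5)
    listener.close()
    return code

if __name__ == "__main__":
    print("proxy CONNECT status:", demo())
```

When the status is 200, as in both traces above, the proxy stage has succeeded and the socket returned by open_tunnel is where the SSL handshake with the web server would begin.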