So from ntop's view it's getting an unencrypted request on the https: port??? Or is it being double encrypted (once by the https: request and once by stunnel)???
I'm totally confused... Wait a minute: "It's *not* stunnel that sets up a SSL connection with the server (i.e. to ntop's SSL), the client sets up a SSL connection to stunnel (i.e. https: in the browser), which sets up a "normal" (i.e. http:) connection to ntop." OK, now I get it - the path is this: (browser) https: -> https: stunnel http: -> http: ntop >From your earlier msg: "and the images *are* displayed, just as a normal connection" Which makes sense, because this IS a normal connection (from ntop's perspective). I suspect that some browsers are opening multiple https: connections and that's causing some kind of deadlock. I'll have to read the code paths in ntop to see if it's obvious... -----Burton -----Original Message----- From: Mike Klinkert [mailto:[EMAIL PROTECTED]] Sent: Monday, May 06, 2002 4:05 AM To: [EMAIL PROTECTED] Cc: Ntop Subject: Re: [SPAM?] Re: [Ntop] ntop, https and png - serious problem... Burton Strauss wrote: >OK, but that test really doesn't test anything. If stunnel does it's thing, it's transparent. > >The flaw could be in one of TWO places... > >1) ntop's implementation may not be able to handle the request as it's coming from those two browsers - for example, it could be a deadlock (esp as it seems to be in the second request - maybe the browser is trying to open a 2nd connection before the 1st is completed...) > >2) The browser may be sending an invalid request for https: but not http: (i.e. a different path internal to the browser code) (Since your test is http:, it wouldn't test this). > > Yes, it would! I'm connecting my browser to "https://<IP>:<STUNNELPORT>". Stunnel is listening on that port, strips off the SSL shit and forwards the data to the port on which ntop is listening. Ergo, my browser *is* using https, and therefore using a possible different internal path. Maybe I didn't explain my setup properly. It's *not* stunnel that sets up a SSL connection with the server (i.e. to ntop's SSL), the client sets up a SSL connection to stunnel (i.e. https: in the browser), which sets up a "normal" (i.e. http:) connection to ntop. >-----Burton > > -- Mike. _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
