I think I'm correct (i.e. that it is a bug), but I'm not sure about your test...
First off, I indicated that I've had the same results without zlib... It's a
https: issue, not zlib...
Secondly, how did you configure stunnel? That makes all the difference...
If you used an stunnel daemon on both client and server, then you're really
just testing tunneled http:. This should work - I have not had any problems
with http:.
If you used an stunnel daemon on the client, connecting to ntop's https: on
the server, then that's of interest because it eliminates any possible handling
differences http: vs. https: inside the browser.
If it's the latter, then I'm interested, because webbug
(http://www.cyberspyder.com/webbug.html) should then be able to see the
send/received data... And that would allow me to compare the headers etc.
between NS4 and NS6.2.2 under Windows... I'd be interested in how to set this
up under Windows...
-----Burton
For people who don't know about tunneling. Suppose you want to send me some
information.
You could write it on a postcard and mail it, but then anyone can read it
(that's http)
You can write it on a sheet of paper and put it in an envelope then mail that
(that's https)
You can give the post card to a trusted third party, who puts it into an
envelope and mails it to a trusted friend. The friend opens the envelope and
delivers the post card to me. (that's tunneling of http).
The key to the third case is that both you and I (client and server) don't have
to change ANYTHING we do because of the tunneling. In fact, it's transparent -
we can't even tell it's there.
The case of interest to me is a hybrid - you give the post card to the trusted
party, who puts it in an envelope and sends it directly to me (because I
understand the envelope). Why is it of interest? Because I can put a spy in
place between you and the 3rd party to see what's being sent to me so that I can
figure out what and where the information is being corrupted...
-----Original Message-----
From: Mike Klinkert [mailto:[EMAIL PROTECTED]]
Sent: Sunday, May 05, 2002 3:12 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Ntop] ntop, https and png - serious problem...
Burton M. Strauss III wrote:
>Luca et al...
>
>Per the reports of problems with graphics and https connections and your
>comments about broken browsers, I have conducted some experiments... It turns
>out that there are two problems.
>
>
Luca claims that it's the browsers fault that the graphics don't show up
(because the're incapable of handling gzipped images), but I conducted a
little experiment that proves him wrong!
If Luca's claim is true, than there's another way to test it:
Assumption: Let the images in a normal connection (http) be gzipped.
Now, if we tunnel this connection in SSL (i.e. not using ntop's SSL),
the browser should receive the gzipped images over the SSL tunnel. If
Luca's claim is true, the images would not show up when using this
connection. However, I have tried stunnel (www.stunnel.org) for the SSL
tunnel (I even activated it with xinetd!), and the images *are*
displayed, just as a normal connection. Conclusion: it's not the browser
that is the cause of this problem/bug...
BTW: I tested this with Mozilla-1.0rc1. This browser does *not* show the
images under a ntop SSL connection.
BTW2: stunnel is a simpel program that is able to encapsulate connection
oriented protocols with SSL.
Hope this helps.
>-----Burton
>
--
Mike.
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop
