On Mon, Mar 05, 2018 at 01:28:15PM +0100, Carlos Castro wrote: > Hello > > Thanks @Peter > > > Yes , my application not support TLS and I need the application connect > using TLS , for this i using stunnel (i hope) > > When I make curl -v http://127.0.0.1:19021 : > > curl -v http://127.0.0.1:19201 > * Rebuilt URL to: http://127.0.0.1:19201/ > * Trying 127.0.0.1... > * Connected to 127.0.0.1 (127.0.0.1) port 19201 (#0) > > GET / HTTP/1.1 > > Host: 127.0.0.1:19201 > > User-Agent: curl/7.47.0 > > Accept: */* > > > * HTTP 1.0, assume close after body > < HTTP/1.0 400 Bad Request > < Server: AkamaiGHost > < Mime-Version: 1.0 > < Content-Type: text/html > < Content-Length: 208 > < Expires: Mon, 05 Mar 2018 12:25:53 GMT > < Date: Mon, 05 Mar 2018 12:25:53 GMT > < Connection: close > > The web ctm.omgeo.net only works in mode HTTPS , .
TL;DR: can you actually try your application with this stunnel config? Yes, that's why you have stunnel - it will accept a pure HTTP connection from your application (or, in this case, from cURL), and then it will open a TLS (HTTPS) connection to ctm.omgeo.net. Actually, the "HTTP/1.0 400 Bad Request" response that you get shows that stunnel already works: the request to ctm.omgeo.net is sent via HTTPS, not plain HTTP. If you try to send a plain HTTP request to ctm.omgeo.net port 443, cURL will report a very different error: [roam@straylight ~]$ curl -v http://ctm.omgeo.net:443/ * Trying 22.214.171.124... * TCP_NODELAY set * Connected to ctm.omgeo.net (126.96.36.199) port 443 (#0) > GET / HTTP/1.1 > Host: ctm.omgeo.net:443 > User-Agent: curl/7.58.0 > Accept: */* > * Recv failure: Connection reset by peer * stopped the pause stream! * Closing connection 0 curl: (56) Recv failure: Connection reset by peer [roam@straylight ~]$ This happens because ctm.omgeo.net expects a TLS Client Hello message on an incoming connection, and cURL sends it a plaintext HTTP request, so ctm.omgeo.net says "this is not TLS, you must speak TLS to me, go away". So I guess that the "400 Bad Request" response you get from ctm.omgeo.net means that 1. you have successfully sent a request to it and it considered it to be an HTTP request, and 2. it expected the application to send it a specific request, not just a "GET /", so it said "GET / is not a valid request for me, but thanks for speaking HTTPS". So it's time to test your actual application now; configure it to talk to 127.0.0.1:19201 and see what happens. If anything goes wrong, show us the stunnel log. Hope that helps! G'luck, Peter -- Peter Pentchev r...@ringlet.net r...@freebsd.org p...@storpool.com PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
Description: PGP signature
_______________________________________________ stunnel-users mailing list firstname.lastname@example.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users