Discussion:
openssl s_client behind proxy server
Gordon Brown
2009-08-10 18:22:28 UTC
Permalink
Hi All,

I am trying to test a web service client (using openSSL for crypto related stuff) with https/SSL. For this, I need to get the server cert. I was able to do this in a desktop machine using the following command:

    openssl s_client -connect <servername>:<port>
and then copying the portion of the output bounded by and including:
    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-----
However, when I try to do the same on another machine that is behind a proxy server, I noticed that this same command
does not work. I got an error message like this:
Loading 'screen' into ramdom state -done
gethostbyname failure
connect:errno=11004

I also noticed that in the macine NOT behind the proxy server my web service client was able to communicate with the
web server throught https/ssl using the server cert obtained through the openssl command, but in this machine that IS behind
the proxy server, the communication does not work. My client is getting a no response error.

Can anyone please advise me on this?

Thanks in advance.
Gordon
David Schwartz
2009-08-10 20:25:09 UTC
Permalink
Post by Gordon Brown
However, when I try to do the same on another machine
that is behind a proxy server, I noticed that this same command
does not work.
NAT? Socks proxy? Squid proxy? Transparent proxy? It's not clear what you're
talking about.
Post by Gordon Brown
Loading 'screen' into ramdom state -done
gethostbyname failure
It looks like DNS doesn't work. Is it supposed to? What happens if you
connect by IP?
Post by Gordon Brown
connect:errno=11004
Since you don't say what platform you're using, there's no way to make sense
of this error code.
Post by Gordon Brown
I also noticed that in the macine NOT behind the proxy server
my web service client was able to communicate with the
web server throught https/ssl using the server cert obtained
through the openssl command, but in this machine that IS behind
the proxy server, the communication does not work. My
client is getting a no response error.
The term "proxy server" can mean anything (NAT, Squid, Socks, ...). And a
"no response" error can also mean many different things. (No response at the
TCP level? No response from the application?)

DS


______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org
Loading...