
openssl s_client behind proxy server


Gordon Brown

Aug 10, 2009, 2:22:49 PM

Hi All,

I am trying to test a web service client (using openSSL for crypto related stuff) with https/SSL. For this, I need to get the server cert. I was able to do this in a desktop machine using the following command:

    openssl s_client -connect <servername>:<port>

and then copying the portion of the output bounded by and including:

    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-----

However, when I try to do the same on another machine that is behind a proxy server, I noticed that this same command does not work. I got an error message like this:

    Loading 'screen' into ramdom state -done
    gethostbyname failure
    connect:errno=11004

I also noticed that in the machine NOT behind the proxy server my web service client was able to communicate with the web server through https/ssl using the server cert obtained through the openssl command, but in this machine that IS behind the proxy server, the communication does not work. My client is getting a no response error.

Can anyone please advise me on this?

Thanks in advance.
Gordon

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List opens...@openssl.org
Automated List Manager majo...@openssl.org

David Schwartz

Aug 10, 2009, 4:26:25 PM

Gordon Brown wrote:

> However, when I try to do the same on another machine
> that is behind a proxy server, I noticed that this same command
> does not work.

NAT? Socks proxy? Squid proxy? Transparent proxy? It's not clear what you're
talking about.

> I got an error message like this:
> Loading 'screen' into ramdom state -done
> gethostbyname failure

It looks like DNS doesn't work. Is it supposed to? What happens if you
connect by IP?

> connect:errno=11004

Since you don't say what platform you're using, there's no way to make sense
of this error code.

> I also noticed that in the machine NOT behind the proxy server
> my web service client was able to communicate with the
> web server through https/ssl using the server cert obtained
> through the openssl command, but in this machine that IS behind
> the proxy server, the communication does not work. My
> client is getting a no response error.

The term "proxy server" can mean anything (NAT, Squid, Socks, ...). And a
"no response" error can also mean many different things. (No response at the
TCP level? No response from the application?)

DS
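
The questions in the reply above split the failure into layers: name resolution, TCP connect, TLS handshake. As an added example (not part of either post), this Python sketch reports which layer fails for a direct connection and returns the server certificate as PEM when all three succeed. It does not speak to any proxy; `diagnose`, its `resolve` parameter and `server.example` are names chosen for this example.

```python
import socket
import ssl


def diagnose(host, port, timeout=5.0, resolve=socket.getaddrinfo):
    """Return (stage, detail); stage is 'dns', 'tcp', 'tls' or 'ok'.

    On 'ok', detail is the server's leaf certificate in PEM form.
    `resolve` is injectable (an assumption of this example) so the DNS
    stage can be exercised without a network.
    """
    # Stage 1: name resolution. s_client's "gethostbyname failure" is this
    # step; on Windows, Winsock error 11004 is WSANO_DATA (valid name, no
    # data record of the requested type).
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", f"cannot resolve {host!r}: {exc}"
    ip, tcp_port = infos[0][4][:2]

    # Stage 2: direct TCP connect to the resolved address ("connect by IP").
    try:
        sock = socket.create_connection((ip, tcp_port), timeout=timeout)
    except OSError as exc:
        return "tcp", f"cannot connect to {ip}:{tcp_port}: {exc}"

    # Stage 3: TLS handshake. Verification is off because the goal, as with
    # s_client, is only to retrieve the certificate; check its fingerprint
    # out of band before a client is configured to trust it.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    except (ssl.SSLError, OSError) as exc:
        return "tls", f"handshake failed: {exc}"
    return "ok", ssl.DER_cert_to_PEM_cert(der)


if __name__ == "__main__":
    # Constructed resolver failure reproducing the error in the thread.
    def no_dns(host, port, **kwargs):
        raise socket.gaierror(11004, "getaddrinfo failed")

    print(diagnose("server.example", 443, resolve=no_dns))
```

A `dns` or `tcp` result from a machine that can only reach the server through an explicit proxy is expected, since a direct connection never leaves the network.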
