ssl client behind http proxy

Selçuk Cihan

Jun 12, 2009, 5:29:03 AM

Hi, I use openssl-0.9.8k on Windows Vista. I set up a local HTTP proxy for
development purposes.

I need to be able to have SSL communication from a client that is behind an
HTTP proxy.
Socket creation and connecting to the local proxy server is fine (using
winsock2).
Then, from what I have grabbed wandering through this mailing list, I send a
"CONNECT host:port HTTP/1.0" message over the connection, with two CRLF
appended.
I read the response (until I get two CRLF), which says HTTP 200, everything
is fine.

At this point, I have a good connection, I believe. Next, a BIO is created
from the file descriptor of the socket with
    m_pBio = BIO_new_socket(m_fd, BIO_NOCLOSE);
We get an SSL pointer from the context and bind the BIO to it by calling
    SSL_set_bio(m_pSSL, m_pBio, m_pBio);

These two calls follow:
    SSL_set_mode(m_pSSL, SSL_MODE_AUTO_RETRY);
    BIO_set_nbio(m_pBio, 0);
and finally I call code = SSL_connect(m_pSSL); which fails.
SSL_connect returns 0, and when I call SSL_get_error I get SSL_ERROR_SYSCALL.
I call WSAGetLastError() of winsock; it returns 0.

Everything works fine if I connect directly to the SSL server.

Any help, idea, truly appreciated.

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Dave Thompson

Jun 16, 2009, 7:51:00 PM
> From: owner-ope...@openssl.org On Behalf Of Selçuk Cihan
> Sent: Friday, 12 June, 2009 05:22

> Hi, i use openssl-0.9.8k on windows vista. i set up a local http proxy
> for development purposes.

> i need to be able to have ssl communication from a client that is behind
> http proxy.
> Socket creation and connecting to the local proxy server is fine(using
> winsock2)
> Then, from what i have grabbed wandering through this mailing list,
> i send "CONNECT host:port HTTP/1.0" message over the connection, with two
> CRLF appended.
> I read the response (until i get two CRLF), which says http 200,
> everything is fine

> m_pBio = BIO_new_socket(m_fd, BIO_NOCLOSE);

> SSL_set_bio(m_pSSL, m_pBio, m_pBio)

> SSL_set_mode(m_pSSL, SSL_MODE_AUTO_RETRY);
> BIO_set_nbio(m_pBio, 0);
> and finally i call code = SSL_connect(m_pSSL); which fails

> SSL_connect returns 0, and when i call SSL_get_error i get
> SSL_ERROR_SYSCALL
> i call WSAGetLastError() of winsock, it returns 0.

These seem to indicate that the local (client to proxy) TCP connection
was closed gracefully at TCP level, but it shouldn't have been.
Do you get any logging or console output from the proxy?
Does it have tracing or debug options you can use?
Or can you put tcpdump or ssldump or similar on it?

Can you see with netstat or similar that a connection exists
1) before CONNECT: from client to proxy
2) after CONNECT: client-proxy also proxy-server
3) after SSL_connect: NOT client-proxy? what about proxy-server?
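
The CONNECT step described in the original post, as an added example that is not code from either poster or from OpenSSL: it builds the request and validates the proxy's reply from a buffer, so the socket is handed to SSL_set_bio/SSL_connect only after a complete 2xx header block. The function names, `MAX_PROXY_HDR` and the sample reply are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_PROXY_HDR 8192 /* assumed upper bound for the proxy's header block */

/* Build the request from the post: request line plus an empty line.
 * Returns its length, or -1 if it does not fit into out[cap]. */
int build_connect(char *out, size_t cap, const char *host, unsigned port)
{
    int n = snprintf(out, cap, "CONNECT %s:%u HTTP/1.0\r\n\r\n", host, port);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Examine the bytes received from the proxy so far.
 * Returns 1 if the header block is complete (*status and *hdr_len are set),
 * 0 if more bytes are needed, -1 if the reply is malformed or too long.
 * Bytes at buf[*hdr_len .. len) were read past the headers and belong to the
 * tunnel; a TLS server does not speak first, so none are expected. */
int parse_connect_reply(const char *buf, size_t len, int *status, size_t *hdr_len)
{
    size_t i, k;
    for (i = 0; i + 4 <= len; i++)
        if (memcmp(buf + i, "\r\n\r\n", 4) == 0)
            break;
    if (i + 4 > len)                      /* terminator not received yet */
        return len >= MAX_PROXY_HDR ? -1 : 0;
    /* Status line must start with "HTTP/1.x SP ddd" followed by SP or CR. */
    if (i + 4 > MAX_PROXY_HDR || i < 12 || memcmp(buf, "HTTP/1.", 7) != 0 ||
        !isdigit((unsigned char)buf[7]) || buf[8] != ' ' ||
        (buf[12] != ' ' && buf[12] != '\r'))
        return -1;
    for (k = 9; k < 12; k++)
        if (!isdigit((unsigned char)buf[k]))
            return -1;
    *status = (buf[9] - '0') * 100 + (buf[10] - '0') * 10 + (buf[11] - '0');
    *hdr_len = i + 4;
    return 1;
}

/* Only a 2xx reply means the proxy opened the tunnel. */
int tunnel_open(int status) { return status >= 200 && status <= 299; }

int main(void)
{
    const char reply[] = "HTTP/1.0 200 Connection established\r\n\r\n"; /* constructed */
    int st = 0; size_t hl = 0;
    int r = parse_connect_reply(reply, sizeof reply - 1, &st, &hl);
    printf("complete=%d status=%d open=%d\n", r, st, tunnel_open(st));
    return 0;
}
```

Feed it the accumulated receive buffer after each recv() and stop reading as soon as it returns 1, so no bytes beyond the header block are consumed before the handshake.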

Алексей Деркач

Aug 5, 2023, 2:48:16 PM
On Wednesday, June 17, 2009 at 02:51:00 UTC+3, Dave Thompson wrote:
cool

Алексей Деркач

Aug 5, 2023, 2:48:50 PM
On Saturday, August 5, 2023 at 21:48:16 UTC+3, Алексей Деркач wrote:
As a freelancer, I've discovered that proxy servers can enhance my work opportunities and income potential. With proxies, I can https://webhostinggeeks.com/blog/proxy-server-definition-functionality-types/ access job platforms from different regions, giving me access to a wider pool of clients and projects. Moreover, proxies enable me to protect my identity and privacy while working on various online platforms, ensuring a secure and productive freelancing experience.