Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Re: Binding outgoing SSL connection to certain IP address
711 views
Skip to first unread message
Michael Ionescu | Karlsruhe
Apr 27, 2011, 5:33:43 AM4/27/11
to
Hi all,
I've been looking for a way to bind the openssl s_client command line tool to a certain outgoing IP on a multi-IP host and all I've found was a thread on how to do that using the library:
http://marc.info/?l=openssl-users&m=127166957110771&w=2
Is there maybe some obscure bind option the likes of
netcat -s 192.168.5.1 mx.example.com 25
to accomplish this?
What I'm trying to do is check the TLS cert on mx.example.com where this MX only accepts connections from a secondary IP of the host I'm coming from, as I would by saying
openssl s_client -showcerts -CApath /etc/postfix/tls/cacerts.d/ -starttls smtp -connect mx.example.com:25
I was hoping for was an option such as
openssl s_client -s 192.168.5.1
or
openssl s_client -bind 192.168.5.1
but I guess not.
Did I miss it? Is it just undocumented? Do I have to build a non-vanilla openssl s_client? Is there a way to connect the vanilla client through another tool?
Thanks,
Mike
I've been looking for a way to bind the openssl s_client command line tool to a certain outgoing IP on a multi-IP host and all I've found was a thread on how to do that using the library:
http://marc.info/?l=openssl-users&m=127166957110771&w=2
Is there maybe some obscure bind option the likes of
netcat -s 192.168.5.1 mx.example.com 25
to accomplish this?
What I'm trying to do is check the TLS cert on mx.example.com where this MX only accepts connections from a secondary IP of the host I'm coming from, as I would by saying
openssl s_client -showcerts -CApath /etc/postfix/tls/cacerts.d/ -starttls smtp -connect mx.example.com:25
I was hoping for was an option such as
openssl s_client -s 192.168.5.1
or
openssl s_client -bind 192.168.5.1
but I guess not.
Did I miss it? Is it just undocumented? Do I have to build a non-vanilla openssl s_client? Is there a way to connect the vanilla client through another tool?
Thanks,
Mike
0 new messages