[Comm] https debug in browsers
Eugene Prokopiev
prokopiev at stc.donpac.ru
Wed Dec 6 16:07:17 MSK 2006
>>1. HTTP+stunnel; in general I recommend stunnel in every way
>
>
> I started it, the first page displayed, but after an attempt to go
> through form-based authentication all browsers (Gecko and links) bail
> out with words like SSL error
To be precise, Firefox reports: "The connection to localhost:8080
has terminated unexpectedly. Some data may have been transferred."
Meanwhile stunnel says:
# stunnel -c -d 8080 -r hostname.ru:443 -D 7 -f
2006.12.06 15:58:06 LOG5[5139:16384]: Using 'hostname.ru.443' as
tcpwrapper service name
2006.12.06 15:58:06 LOG7[5139:16384]: Snagged 64 random bytes from
/root/.rnd
2006.12.06 15:58:06 LOG7[5139:16384]: Wrote 1024 new random bytes to
/root/.rnd
2006.12.06 15:58:06 LOG7[5139:16384]: RAND_status claims sufficient
entropy for the PRNG
2006.12.06 15:58:06 LOG6[5139:16384]: PRNG seeded successfully
2006.12.06 15:58:06 LOG5[5139:16384]: stunnel 3.26 on i586-alt-linux-gnu
PTHREAD+LIBWRAP with OpenSSL 0.9.7d 17 Mar 2004
2006.12.06 15:58:06 LOG7[5139:16384]: Created pid file
/var/run/stunnel.hostname.ru.443.pid
2006.12.06 15:58:06 LOG5[5139:16384]: FD_SETSIZE=1024, file ulimit=1024
-> 500 clients allowed
2006.12.06 15:58:06 LOG7[5139:16384]: SO_REUSEADDR option set on accept
socket
2006.12.06 15:58:06 LOG7[5139:16384]: hostname.ru.443 bound to 0.0.0.0:8080
2006.12.06 15:58:15 LOG7[5139:16384]: hostname.ru.443 accepted FD=7 from
127.0.0.1:32810
2006.12.06 15:58:15 LOG7[5142:16386]: hostname.ru.443 started
2006.12.06 15:58:15 LOG5[5142:16386]: hostname.ru.443 connected from
127.0.0.1:32810
2006.12.06 15:58:15 LOG7[5142:16386]: hostname.ru.443 connecting
65.181.62.138:443
2006.12.06 15:58:15 LOG7[5142:16386]: Remote FD=10 initialized
2006.12.06 15:58:15 LOG7[5142:16386]: Relying on OpenSSL RSA Blinding.
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect):
before/connect initialization
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 write
client hello A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 read
server hello A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 read
server certificate A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 read
server key exchange A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 read
server done A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 write
client key exchange A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 write
change cipher spec A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 write
finished A
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 flush data
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 read
finished A
2006.12.06 15:58:15 LOG7[5142:16386]: 1 items in the session cache
2006.12.06 15:58:15 LOG7[5142:16386]: 1 client connects (SSL_connect())
2006.12.06 15:58:15 LOG7[5142:16386]: 1 client connects that finished
2006.12.06 15:58:15 LOG7[5142:16386]: 0 client renegotiatations requested
2006.12.06 15:58:15 LOG7[5142:16386]: 0 server connects (SSL_accept())
2006.12.06 15:58:15 LOG7[5142:16386]: 0 server connects that finished
2006.12.06 15:58:15 LOG7[5142:16386]: 0 server renegotiatiations
requested
2006.12.06 15:58:15 LOG7[5142:16386]: 0 session cache hits
2006.12.06 15:58:15 LOG7[5142:16386]: 0 session cache misses
2006.12.06 15:58:15 LOG7[5142:16386]: 0 session cache timeouts
2006.12.06 15:58:15 LOG6[5142:16386]: Negotiated ciphers:
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
2006.12.06 15:58:20 LOG7[5142:16386]: Socket closed on read
2006.12.06 15:58:20 LOG7[5142:16386]: SSL alert (write): warning: close
notify
2006.12.06 15:58:20 LOG7[5142:16386]: SSL write shutdown (output buffer
empty)
2006.12.06 15:58:20 LOG7[5139:16384]: hostname.ru.443 accepted FD=11
from 127.0.0.1:32812
2006.12.06 15:58:20 LOG7[5144:32771]: hostname.ru.443 started
2006.12.06 15:58:20 LOG5[5144:32771]: hostname.ru.443 connected from
127.0.0.1:32812
2006.12.06 15:58:20 LOG7[5144:32771]: hostname.ru.443 connecting
65.181.62.138:443
2006.12.06 15:58:20 LOG7[5142:16386]: SSL alert (read): warning: close
notify
2006.12.06 15:58:20 LOG7[5142:16386]: SSL closed on SSL_read
2006.12.06 15:58:20 LOG7[5142:16386]: Socket write shutdown (output
buffer empty)
2006.12.06 15:58:20 LOG5[5142:16386]: Connection closed: 1011 bytes sent
to SSL, 2411 bytes sent to socket
2006.12.06 15:58:20 LOG7[5142:16386]: hostname.ru.443 finished (0 left)
2006.12.06 15:58:20 LOG7[5144:32771]: Remote FD=12 initialized
2006.12.06 15:58:20 LOG7[5144:32771]: Relying on OpenSSL RSA Blinding.
2006.12.06 15:58:20 LOG7[5144:32771]: SSL state (connect):
before/connect initialization
2006.12.06 15:58:20 LOG7[5144:32771]: SSL state (connect): SSLv3 write
client hello A
2006.12.06 15:58:20 LOG7[5144:32771]: SSL state (connect): SSLv3 read
server hello A
2006.12.06 15:58:20 LOG7[5144:32771]: SSL state (connect): SSLv3 read
finished A
2006.12.06 15:58:20 LOG7[5144:32771]: SSL state (connect): SSLv3 write
change cipher spec A
2006.12.06 15:58:20 LOG7[5144:32771]: SSL state (connect): SSLv3 write
finished A
2006.12.06 15:58:20 LOG7[5144:32771]: SSL state (connect): SSLv3 flush data
2006.12.06 15:58:20 LOG7[5144:32771]: 1 items in the session cache
2006.12.06 15:58:20 LOG7[5144:32771]: 2 client connects (SSL_connect())
2006.12.06 15:58:20 LOG7[5144:32771]: 2 client connects that finished
2006.12.06 15:58:20 LOG7[5144:32771]: 0 client renegotiatations requested
2006.12.06 15:58:20 LOG7[5144:32771]: 0 server connects (SSL_accept())
2006.12.06 15:58:20 LOG7[5144:32771]: 0 server connects that finished
2006.12.06 15:58:20 LOG7[5144:32771]: 0 server renegotiatiations
requested
2006.12.06 15:58:20 LOG7[5144:32771]: 1 session cache hits
2006.12.06 15:58:20 LOG7[5144:32771]: 0 session cache misses
2006.12.06 15:58:20 LOG7[5144:32771]: 0 session cache timeouts
2006.12.06 15:58:20 LOG6[5144:32771]: Negotiated ciphers:
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
2006.12.06 15:58:25 LOG7[5139:16384]: hostname.ru.443 accepted FD=7 from
127.0.0.1:32814
2006.12.06 15:58:25 LOG7[5145:49154]: hostname.ru.443 started
2006.12.06 15:58:25 LOG5[5145:49154]: hostname.ru.443 connected from
127.0.0.1:32814
2006.12.06 15:58:25 LOG7[5145:49154]: hostname.ru.443 connecting
65.181.62.138:443
2006.12.06 15:58:25 LOG7[5145:49154]: Remote FD=10 initialized
2006.12.06 15:58:25 LOG7[5145:49154]: Relying on OpenSSL RSA Blinding.
2006.12.06 15:58:25 LOG7[5145:49154]: SSL state (connect):
before/connect initialization
2006.12.06 15:58:25 LOG7[5145:49154]: SSL state (connect): SSLv3 write
client hello A
2006.12.06 15:58:25 LOG7[5145:49154]: SSL state (connect): SSLv3 read
server hello A
2006.12.06 15:58:25 LOG7[5145:49154]: SSL state (connect): SSLv3 read
finished A
2006.12.06 15:58:25 LOG7[5145:49154]: SSL state (connect): SSLv3 write
change cipher spec A
2006.12.06 15:58:25 LOG7[5145:49154]: SSL state (connect): SSLv3 write
finished A
2006.12.06 15:58:25 LOG7[5145:49154]: SSL state (connect): SSLv3 flush data
2006.12.06 15:58:25 LOG7[5145:49154]: 1 items in the session cache
2006.12.06 15:58:25 LOG7[5145:49154]: 3 client connects (SSL_connect())
2006.12.06 15:58:25 LOG7[5145:49154]: 3 client connects that finished
2006.12.06 15:58:25 LOG7[5145:49154]: 0 client renegotiatations requested
2006.12.06 15:58:25 LOG7[5145:49154]: 0 server connects (SSL_accept())
2006.12.06 15:58:25 LOG7[5145:49154]: 0 server connects that finished
2006.12.06 15:58:25 LOG7[5145:49154]: 0 server renegotiatiations
requested
2006.12.06 15:58:25 LOG7[5145:49154]: 2 session cache hits
2006.12.06 15:58:25 LOG7[5145:49154]: 0 session cache misses
2006.12.06 15:58:25 LOG7[5145:49154]: 0 session cache timeouts
2006.12.06 15:58:25 LOG6[5145:49154]: Negotiated ciphers:
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
2006.12.06 15:58:25 LOG7[5145:49154]: SSL alert (read): warning: close
notify
2006.12.06 15:58:25 LOG7[5145:49154]: SSL closed on SSL_read
2006.12.06 15:58:25 LOG7[5145:49154]: SSL alert (write): warning: close
notify
2006.12.06 15:58:25 LOG7[5145:49154]: SSL write shutdown (output buffer
empty)
2006.12.06 15:58:25 LOG7[5145:49154]: Socket write shutdown (output
buffer empty)
2006.12.06 15:58:25 LOG5[5145:49154]: Connection closed: 105 bytes sent
to SSL, 42 bytes sent to socket
2006.12.06 15:58:25 LOG7[5145:49154]: hostname.ru.443 finished (1 left)
2006.12.06 15:58:29 LOG3[5139:16384]: Received signal 2; terminating
2006.12.06 15:58:29 LOG7[5139:16384]: removing pid file
/var/run/stunnel.hostname.ru.443.pid
By the way, the certificate on the far end is self-signed and expired.
Could this be the cause of the problem?
--
Best regards, Eugene Prokopiev
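
An added example, not part of the original message: one way to triage a stunnel debug log like the one above is to unwrap the mail-wrapped lines, group them by the `[pid:tid]` tag, and summarize each connection. The sample input is constructed in the same format, and treating a handshake with no "read server certificate" state as a resumed session is this example's own heuristic.

```python
import re
from collections import defaultdict
# Constructed, abridged sample in the stunnel 3.26 log format (mail-wrapped lines).
SAMPLE = """\
2006.12.06 15:58:15 LOG7[5142:16386]: SSL state (connect): SSLv3 read
server certificate A
2006.12.06 15:58:20 LOG7[5142:16386]: Socket closed on read
2006.12.06 15:58:20 LOG7[5145:49154]: SSL state (connect): SSLv3 read
finished A
2006.12.06 15:58:20 LOG7[5142:16386]: SSL closed on SSL_read
2006.12.06 15:58:20 LOG5[5142:16386]: Connection closed: 1011 bytes sent
to SSL, 2411 bytes sent to socket
2006.12.06 15:58:25 LOG7[5145:49154]: SSL closed on SSL_read
2006.12.06 15:58:25 LOG5[5145:49154]: Connection closed: 105 bytes sent
to SSL, 42 bytes sent to socket
"""

HEAD = re.compile(r"^\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG\d\[(\d+:\d+)\]: (.*)$")
BYTES = re.compile(r"Connection closed: (\d+) bytes sent to SSL, (\d+) bytes sent to socket")

def unwrap(text):
    """Yield (thread_id, message), joining wrapped continuation lines."""
    current = None
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            if current:
                yield current
            current = (m.group(1), m.group(2))
        elif current and line.strip():
            current = (current[0], current[1] + " " + line.strip())
    if current:
        yield current

def summarize(text):
    """Per-thread summary: handshake kind, which side closed first, byte counts."""
    conns = defaultdict(lambda: dict(handshake=None, first_close=None, to_ssl=None, to_socket=None))
    for tid, msg in unwrap(text):
        c = conns[tid]
        b = BYTES.search(msg)
        if "read server certificate" in msg:
            c["handshake"] = "full"
        elif "read finished" in msg and c["handshake"] is None:
            c["handshake"] = "resumed"  # heuristic: no certificate message seen
        elif msg in ("Socket closed on read", "SSL closed on SSL_read") and not c["first_close"]:
            c["first_close"] = "local client" if msg.startswith("Socket") else "remote server"
        elif b:
            c["to_ssl"], c["to_socket"] = int(b.group(1)), int(b.group(2))
    return dict(conns)
```

A connection that shows a completed handshake and nonzero byte counts got past certificate handling in stunnel, so this summary separates TLS-layer failures from ones above it.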