Openssl through proxy

On occasion there may be a need to run openssl to an external site, but the firewall is blocking. For example if I try the following command to get the certificate on

[quick@laptop ~]$ openssl s_client -connect -showcerts

The command hangs until I hit control-c. Damn that firewall!

The only way to connect out to the Internet is through the proxy but openssl doesn't have a proxy flag. A handy tool to help with this situation is proxytunnel.

In the following command, I set up a tunnel to on my localhost listening on port 7000. The connection goes through the proxy listening on

[quick@laptop ~]$ proxytunnel -p -d -a 7000

Now I get the certificate when I connect to localhost:7000 :

[quick@laptop ~]$ openssl s_client -connect localhost:7000 -showcerts 
Certificate chain
 0 s:/description=kEdlIjZCHqs3dvwg/C=GB/
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA

What will the proxy log? On setting up the tunnel, nothing, but after closing the openssl connection command above, it will log a CONNECT.

1355005057.005     87 TCP_MISS/200 3684 CONNECT - DIRECT/ -

Related Pages