Openssl through proxy


On occasion you may need to connect to an external site with openssl, but the firewall blocks the connection. For example, if I try the following command to get the certificate from https://linuxproblems.org:

[quick@laptop ~]$ openssl s_client -connect linuxproblems.org:443 -showcerts

The command hangs until I hit Ctrl-C. Damn that firewall!

The only way to connect out to the Internet is through the proxy, but openssl doesn't have a proxy flag. A handy tool to help with this situation is proxytunnel.

In the following command, I set up a tunnel to https://linuxproblems.org that listens on port 7000 on my localhost. The connection goes through the proxy listening on 192.168.1.20:3128.

[quick@laptop ~]$ proxytunnel -p 192.168.1.20:3128 -d linuxproblems.org:443 -a 7000

Now I get the certificate when I connect to localhost:7000:

[quick@laptop ~]$ openssl s_client -connect localhost:7000 -showcerts 
CONNECTED(00000003)
---
Certificate chain
 0 s:/description=kEdlIjZCHqs3dvwg/C=GB/CN=direct.linuxproblems.org/emailAddress=webmaster@linuxproblems.org
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
-----BEGIN CERTIFICATE-----
MIIGczCCBVugAwIBAgIDB/LlMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ
TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3Mg
MSBQcmltYXJ5IEludGVybWVkaWF0ZSBTZXJ2ZXIgQ0EwHhcNMTIxMTAzMjAxNjM5

What will the proxy log? Nothing when the tunnel is set up, but once the openssl connection above is closed, it logs a CONNECT:

1355005057.005     87 192.168.1.200 TCP_MISS/200 3684 CONNECT linuxproblems.org:443 - DIRECT/86.68.1.23 -
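
The log line above has the layout of Squid's native access.log, so the following added example (not part of the original page) assumes a Squid proxy and shows how to pull CONNECT tunnels out of such a log for review. The first sample line is the entry from this page; the other two sample lines, the `ALLOWED_PORTS` policy and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: line 1 is the entry shown on this page; lines 2 and 3
# are made up for this example (an ordinary GET and a refused CONNECT).
SAMPLE_LOG = """\
1355005057.005     87 192.168.1.200 TCP_MISS/200 3684 CONNECT linuxproblems.org:443 - DIRECT/86.68.1.23 -
1355005058.310     12 192.168.1.200 TCP_MISS/200 512 GET http://host.example/ - DIRECT/192.0.2.10 text/html
1355005060.120      0 192.168.1.200 TCP_DENIED/403 3890 CONNECT host.example:22 - NONE/- text/html
"""

ALLOWED_PORTS = {443}  # assumption: site policy permits tunnels to HTTPS only


def parse_connects(text):
    """Return one dict per CONNECT entry in Squid native-format log text."""
    tunnels = []
    for line in text.splitlines():
        f = line.split()
        # Fields: time elapsed_ms client code/status bytes method url user hier/peer type
        if len(f) < 10 or f[5] != "CONNECT":
            continue
        host, _, port = f[6].rpartition(":")
        if not port.isdigit():
            continue
        closed = datetime.fromtimestamp(float(f[0]), tz=timezone.utc)
        tunnels.append({
            # The entry is written when the tunnel closes, so subtract the
            # elapsed time to get the moment the tunnel was opened.
            "opened": closed - timedelta(milliseconds=int(f[1])),
            "closed": closed,
            "client": f[2],
            "status": int(f[3].split("/")[1]),
            "bytes_to_client": int(f[4]),
            "host": host,
            "port": int(port),
            "peer": f[8].split("/", 1)[-1],
        })
    return tunnels


def review(tunnels):
    """Return (client, target, reason) for tunnels worth a second look."""
    findings = []
    for t in tunnels:
        target = f"{t['host']}:{t['port']}"
        if t["status"] != 200:
            findings.append((t["client"], target, f"refused with HTTP {t['status']}"))
        elif t["port"] not in ALLOWED_PORTS:
            findings.append((t["client"], target, "tunnel to non-HTTPS port"))
    return findings
```

The proxy records only the CONNECT target, duration and byte count for a tunnel, so this kind of review is limited to who connected where, when and for how long.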
