Openssl through HTTP Proxy (cUrl?)

Greetings all,

I need to get an SSL certificate from a server outside of my corporate
network. Inside the network, we use "openssl s_client -connect
host:port" to get that and then use other openssl commands to get some
information of interest. However, when accessing external sites, we
must pass through an NTLM authenticated proxy and therefore direct
connections simply give a connection refused. I Googled for some time
and found no resolution to using openssl over a proxy.

So I thought of using cUrl in some way, which can connect through the
proxy if provided with proper options and authentication. So this
allows me to connect to external sites and enabling "verbose" mode
will allow me to output some of the certificate info (issuer, exp
date, etc), but not all the info I can grab with openssl.

So the question is, is anyone aware of a way to either connect with
openssl over an NTLM authenticated proxy or retrieve all the SSL cert
info using cUrl or some other function (maybe a combination of opening
a connection with cUrl and having openssl commands run over this
connection)?
Daniel
9/7/2010 8:16:45 PM
comp.lang.php
Hello,

on 09/07/2010 05:16 PM Daniel said the following:
> Greetings all,
> 
> I need to get an SSL certificate from a server outside of my corporate
> network. Inside the network, we use "openssl s_client -connect
> host:port" to get that and then use other openssl commands to get some
> information of interest. However, when accessing external sites, we
> must pass through an NTLM authenticated proxy and therefore direct
> connections simply give a connection refused. I Googled for some time
> and found no resolution to using openssl over a proxy.
> 
> So I thought of using cUrl in some way, which can connect through the
> proxy if provided with proper options and authentication. So this
> allows me to connect to external sites and enabling "verbose" mode
> will allow me to output some of the certificate info (issuer, exp
> date, etc), but not all the info I can grab with openssl.
> 
> So the question is, is anyone aware of a way to either connect with
> openssl over an NTLM authenticated proxy or retrieve all the SSL cert
> info using cUrl or some other function (maybe a combination of opening
> a connection with cUrl and having openssl commands run over this
> connection)?

You may want to try this HTTP client class. It supports SSL and several
authentication mechanisms including NTLM.

http://www.phpclasses.org/httpclient

You also need this package to provide NTLM client support.

http://www.phpclasses.org/sasl

-- 

Regards,
Manuel Lemos

JS Classes - Free ready to use OOP components written in JavaScript
http://www.jsclasses.org/

mlemos (662)
9/8/2010 4:58:46 AM
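
Added example, not part of either post and not code from the classes linked above: one way to get the full certificate chain through an NTLM-authenticated proxy using PHP's own curl and openssl extensions, then read the fields that `openssl x509` would show. It assumes a curl build with NTLM support and the OpenSSL TLS backend; the function names and the `PROXY`, `PROXY_USERPWD` and `TARGET_URL` environment variables are hypothetical.

```php
<?php
// Added example. Function names and the PROXY* / TARGET_URL variables are assumptions.
function fetch_chain_via_ntlm_proxy(string $url, string $proxy, string $userpwd): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_PROXY          => $proxy,        // "host:port" of the HTTP proxy
        CURLOPT_PROXYAUTH      => CURLAUTH_NTLM,
        CURLOPT_PROXYUSERPWD   => $userpwd,      // "DOMAIN\user:password"
        CURLOPT_CERTINFO       => true,          // retain the peer chain for curl_getinfo()
        CURLOPT_NOBODY         => true,          // only the TLS handshake matters here
        CURLOPT_RETURNTRANSFER => true,
    ]);
    if (curl_exec($ch) === false) {
        throw new RuntimeException('transfer failed: ' . curl_error($ch));
    }
    // With the OpenSSL TLS backend each chain entry holds the PEM text under "Cert".
    return array_column(curl_getinfo($ch, CURLINFO_CERTINFO), 'Cert');
}

function summarize_pem(string $pem): array
{
    $x = openssl_x509_parse($pem);
    if ($x === false) {
        throw new InvalidArgumentException('not a parseable X.509 certificate');
    }
    return [
        'subject'    => $x['subject'],
        'issuer'     => $x['issuer'],
        'serial'     => $x['serialNumberHex'] ?? $x['serialNumber'],
        'not_before' => gmdate('c', $x['validFrom_time_t']),
        'not_after'  => gmdate('c', $x['validTo_time_t']),
        'san'        => $x['extensions']['subjectAltName'] ?? null,
        'sha256'     => openssl_x509_fingerprint($pem, 'sha256'),
    ];
}

if (getenv('PROXY') !== false) {
    $pems = fetch_chain_via_ntlm_proxy(getenv('TARGET_URL'), getenv('PROXY'), getenv('PROXY_USERPWD'));
} else {
    // Offline fallback: a constructed self-signed certificate generated locally.
    $key = openssl_pkey_new(['private_key_bits' => 2048]);
    $csr = openssl_csr_new(['commonName' => 'constructed.example'], $key);
    openssl_x509_export(openssl_csr_sign($csr, null, $key, 30), $pem);
    $pems = [$pem];
}
foreach ($pems as $i => $pem) {
    echo "certificate #$i\n", json_encode(summarize_pem($pem), JSON_PRETTY_PRINT), "\n";
}
```

Each PEM string returned by the fetch function can also be saved to a file and passed to `openssl x509 -text -noout`, which keeps the rest of an existing openssl-based workflow unchanged.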