On 2023-05-08 01:31, Yuri via Cygwin wrote:
I've built the proxytunnel project in Cygwin
(https://github.com/proxytunnel/proxytunnel).
It is usually used to tunnel ssh through https using the https CONNECT command.
The command "proxytunnel --no-check-certificate -E -p
{https-proxy-host}:{https-proxy-port} -d 127.0.0.1:22" works on Linux and BSD.
However, it fails in Cygwin with the exit code 1 (SSL_TLSEXT_ERR_ALERT_WARNING),
which causes this error message in proxytunnel:
> SSL_set_tlsext_host_name returned: 1 (0x1). TLS SNI error, giving up
This prevents proxytunnel from being able to connect to the remote peer.
What might be wrong?
Which Cygwin, ssl/tls-devel libraries, and ca-certificates... packages and
versions are you using?
$ man SSL_set_tlsext_host_name
says SSL_set_tlsext_host_name etc. returns 1 for success, 0 for failure?
Web search TLS SNI and you will find that either the host presents a list of
certs none of which match the host name you are connecting to, a matching cert
cannot be validated, possibly due to a missing CA chain, or one end could not
handle the list presented or cert matched; some hits offer diagnostic suggestions.
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut
-- Antoine de Saint-Exupéry
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
