Hi David, Thanks for the reply. With regard to my questions, as I really don't have deep knowledge about proxy server, so they might be a bit ambiguous.
I think the proxy server I am taking about here is a transparant proxy. It is also the proxy server I have to set in IE browser in order to browse internet (go to internet Options->Local Area Network Settings->Proxy Server). What I was trying to do is to test my web service client with https/SSL connection. As I said, HTTPS/SSL (using openSSL technology) fails when the proxy server is involved. However, I also noticed that regular web services using HTTP (not https) are just fine even my web service client is behind the proxy server as long as I specify the proxy server host and port properly. The question I am asking here is if the command "openssl s_client -connect <serverhost>:<port>" is supposed to work behind a proxy server? How should I specify the proxy settings in this command? Thanks! Gordon ________________________________ From: David Schwartz <dav...@webmaster.com> To: openssl-users@openssl.org; openssl-...@openssl.org Sent: Monday, August 10, 2009 1:25:09 PM Subject: RE: openssl s_client behind proxy server Gordon Brown wrote: > However, when I try to do the same on another machine > that is behind a proxy server, I noticed that this same command > does not work. NAT? Socks proxy? Squid proxy? Transparent proxy? It's not clear what you're talking about. > I got an error message like this: > Loading 'screen' into ramdom state -done > gethostbyname failure It looks like DNS doesn't work. Is it supposed to? What happens if you connect by IP? > connect:errno=11004 Since you don't say what platform you're using, there's no way to make sense of this error code. > I also noticed that in the macine NOT behind the proxy server > my web service client was able to communicate with the > web server throught https/ssl using the server cert obtained > through the openssl command, but in this machine that IS behind > the proxy server, the communication does not work. My > client is getting a no response error. The term "proxy server" can mean anything (NAT, Squid, Socks, ...). And a "no response" error can also mean many different things. (No response at the TCP level? No response from the application?) DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
