ssl - Error in Stunnel
I am trying to pass an HTTPS request from the Mirth engine to a client server. The free version of Mirth doesn't support HTTPS connections, so I have used stunnel to complete this for me. However, the request failed and I am getting a 0 byte response.
I have checked the log file and observed that the connection between stunnel and Mirth is successful (7th line). However, the connection is getting closed and I am getting the below error: connection closed: 12261 byte(s) sent tls, 0 byte(s) sent socket (line no. 79)
Please note that I have installed the client-given certificates (2 .pem and 1 .cer) in the ca-certs.pem file. It would be great if you could assist me on this.
Below are the IP details, stunnel config and debug file:
IP details:
My system IP: 10.219.207.238
Target client IP: 4.59.159.120
Sending servername: dilhn003.dil.aegis.net
Stunnel configuration details:
[mirth]
client = yes
accept = 127.0.0.1:9000
connect = dilhn003.dil.aegis.net:443
cafile = ca-certs.pem
Log file:
2017.09.13 17:34:35 log7[8]: service [nhinpatientdiscovery] started
2017.09.13 17:34:35 log7[8]: option tcp_nodelay set on local socket
2017.09.13 17:34:35 log5[8]: service [nhinpatientdiscovery] accepted connection 127.0.0.1:57606
2017.09.13 17:34:35 log6[8]: s_connect: connecting 4.59.159.120:443
2017.09.13 17:34:35 log7[8]: s_connect: s_poll_wait 4.59.159.120:443: waiting 10 seconds
2017.09.13 17:34:35 log5[8]: s_connect: connected 4.59.159.120:443
2017.09.13 17:34:35 log5[8]: service [nhinpatientdiscovery] connected remote server 10.219.207.238:57607
2017.09.13 17:34:35 log7[8]: option tcp_nodelay set on remote socket
2017.09.13 17:34:35 log7[8]: remote descriptor (fd=652) initialized
2017.09.13 17:34:35 log6[8]: sni: sending servername: dilhn003.dil.aegis.net
2017.09.13 17:34:35 log6[8]: peer certificate not required
2017.09.13 17:34:35 log7[8]: tls state (connect): before/connect initialization
2017.09.13 17:34:35 log7[8]: tls state (connect): sslv2/v3 write client hello
2017.09.13 17:34:36 log7[8]: tls state (connect): sslv3 read server hello
2017.09.13 17:34:36 log6[8]: certificate verification disabled
2017.09.13 17:34:36 log6[8]: certificate verification disabled
2017.09.13 17:34:36 log6[8]: certificate verification disabled
2017.09.13 17:34:36 log7[8]: tls state (connect): sslv3 read server certificate
2017.09.13 17:34:36 log7[8]: tls state (connect): sslv3 read server key exchange
2017.09.13 17:34:36 log6[8]: client ca: cn=dilhn003.dil.aegis.net, o=aegisnetinc, c=us
2017.09.13 17:34:36 log6[8]: client ca: c=us, o=equifax, ou=equifax secure certificate authority
2017.09.13 17:34:36 log6[8]: client ca: c=us, o=equifax secure inc., cn=equifax secure ebusiness ca-1
2017.09.13 17:34:36 log6[8]: client ca: c=us, o="verisign, inc.", ou=verisign trust network, ou="(c) 1999 verisign, inc. - authorized use only", cn=verisign class 2 public primary certification authority - g3
2017.09.13 17:34:36 log6[8]: client ca: c=us, o="starfield technologies, inc.", ou=starfield class 2 certification authority
2017.09.13 17:34:36 log6[8]: client ca: c=za, st=western cape, l=cape town, o=thawte consulting, ou=certification services division, cn=thawte personal freemail ca, emailaddress=personal-freemail@thawte.com
2017.09.13 17:34:36 log6[8]: client ca: c=us, o="verisign, inc.", ou=class 1 public primary certification authority - g2, ou="(c) 1998 verisign, inc. - authorized use only", ou=verisign trust network
2017.09.13 17:34:36 log6[8]: client ca: cn=aegisrootca, o=aegisnetinc, c=us
2017.09.13 17:34:36 log6[8]: client ca: c=za, st=western cape, l=cape town, o=thawte consulting cc, ou=certification services division, cn=thawte server ca, emailaddress=server-certs@thawte.com
2017.09.13 17:34:36 log6[8]: client ca: c=us, o="verisign, inc.", ou=class 3 public primary certification authority - g2, ou="(c) 1998 verisign, inc. - authorized use only", ou=verisign trust network
2017.09.13 17:34:36 log6[8]: client ca: c=us, o=equifax secure inc., cn=equifax secure global ebusiness ca-1
2017.09.13 17:34:36 log6[8]: client ca: c=us, o=equifax secure, ou=equifax secure ebusiness ca-2
2017.09.13 17:34:36 log6[8]: client ca: c=us, o=gte corporation, ou="gte cybertrust solutions, inc.", cn=gte cybertrust global root
2017.09.13 17:34:36 log6[8]: client ca: o=entrust.net, ou=www.entrust.net/ssl_cps incorp. ref. (limits liab.), ou=(c) 2000 entrust.net limited, cn=entrust.net secure server certification authority
2017.09.13 17:34:36 log6[8]: client ca: c=us, o="rsa data security, inc.", ou=secure server certification authority
2017.09.13 17:34:36 log6[8]: client ca: c=za, st=western cape, l=cape town, o=thawte consulting, ou=certification services division, cn=thawte personal premium ca, emailaddress=personal-premium@thawte.com
2017.09.13 17:34:36 log6[8]: client ca: c=za, st=western cape, l=cape town, o=thawte consulting, ou=certification services division, cn=thawte personal basic ca, emailaddress=personal-basic@thawte.com
2017.09.13 17:34:36 log6[8]: client ca: c=ie, o=baltimore, ou=cybertrust, cn=baltimore cybertrust root
2017.09.13 17:34:36 log6[8]: client ca: o=entrust.net, ou=www.entrust.net/gcca_cps incorp. ref. (limits liab.), ou=(c) 2000 entrust.net limited, cn=entrust.net client certification authority
2017.09.13 17:34:36 log6[8]: client ca: c=us, o="verisign, inc.", ou=class 3 public primary certification authority
2017.09.13 17:34:36 log6[8]: client ca: c=us, o=geotrust inc., cn=geotrust global ca
2017.09.13 17:34:36 log6[8]: client ca: c=us, st=california, l=santa clara, o=sun microsystems, ou=sun glassfish enterprise server, cn=dilhn003.dil.aegis.net
2017.09.13 17:34:36 log6[8]: client ca: c=us, o="verisign, inc.", ou=class 1 public primary certification authority
2017.09.13 17:34:36 log6[8]: client ca: cn=aegisdilca, o=aegisnetinc, c=us
2017.09.13 17:34:36 log6[8]: client ca: c=us, o="the go daddy group, inc.", ou=go daddy class 2 certification authority
2017.09.13 17:34:36 log6[8]: client ca: c=ie, o=baltimore, ou=cybertrust, cn=baltimore cybertrust code signing root
2017.09.13 17:34:36 log6[8]: client ca: c=us, o="verisign, inc.", ou=verisign trust network, ou="(c) 1999 verisign, inc. - authorized use only", cn=verisign class 1 public primary certification authority - g3
2017.09.13 17:34:36 log6[8]: client ca: c=us, o="verisign, inc.", ou=class 2 public primary certification authority - g2, ou="(c) 1998 verisign, inc. - authorized use only", ou=verisign trust network
2017.09.13 17:34:36 log6[8]: client ca: o=entrust.net, ou=www.entrust.net/cps_2048 incorp. ref. (limits liab.), ou=(c) 1999 entrust.net limited, cn=entrust.net certification authority (2048)
2017.09.13 17:34:36 log6[8]: client ca: c=us, o=gte corporation, ou="gte cybertrust solutions, inc.", cn=gte cybertrust root 5
2017.09.13 17:34:36 log6[8]: client ca: c=us, o="verisign, inc.", ou=class 2 public primary certification authority
2017.09.13 17:34:36 log6[8]: client ca: c=us, o=entrust.net, ou=www.entrust.net/cps incorp. ref. (limits liab.), ou=(c) 1999 entrust.net limited, cn=entrust.net secure server certification authority
2017.09.13 17:34:36 log6[8]: client ca: c=za, st=western cape, l=cape town, o=thawte consulting cc, ou=certification services division, cn=thawte premium server ca, emailaddress=premium-server@thawte.com
2017.09.13 17:34:36 log6[8]: client ca: c=us, o=entrust.net, ou=www.entrust.net/client_ca_info/cps incorp. ref. limits liab., ou=(c) 1999 entrust.net limited, cn=entrust.net client certification authority
2017.09.13 17:34:36 log6[8]: client ca: c=us, o="verisign, inc.", ou=verisign trust network, ou="(c) 1999 verisign, inc. - authorized use only", cn=verisign class 3 public primary certification authority - g3
2017.09.13 17:34:36 log6[8]: client ca: l=valicert validation network, o="valicert, inc.", ou=valicert class 2 policy validation authority, cn=http://www.valicert.com/, emailaddress=info@valicert.com
2017.09.13 17:34:36 log7[8]: tls state (connect): sslv3 read server certificate request
2017.09.13 17:34:36 log7[8]: tls state (connect): sslv3 read server done
2017.09.13 17:34:36 log7[8]: tls state (connect): sslv3 write client certificate
2017.09.13 17:34:36 log7[8]: tls state (connect): sslv3 write client key exchange
2017.09.13 17:34:36 log7[8]: tls state (connect): sslv3 write change cipher spec
2017.09.13 17:34:36 log7[8]: tls state (connect): sslv3 write finished
2017.09.13 17:34:36 log7[8]: tls state (connect): sslv3 flush data
2017.09.13 17:34:36 log7[8]: tls state (connect): sslv3 read finished
2017.09.13 17:34:36 log7[8]: 1 client connect(s) requested
2017.09.13 17:34:36 log7[8]: 1 client connect(s) succeeded
2017.09.13 17:34:36 log7[8]: 0 client renegotiation(s) requested
2017.09.13 17:34:36 log7[8]: 0 session reuse(s)
2017.09.13 17:34:36 log6[8]: tls connected: new session negotiated
2017.09.13 17:34:36 log7[8]: peer certificate cached (4519 bytes)
2017.09.13 17:34:36 log6[8]: negotiated tlsv1.2 ciphersuite ecdhe-rsa-aes256-sha384 (256-bit encryption)
2017.09.13 17:34:36 log7[8]: compression: null, expansion: null
2017.09.13 17:34:37 log7[8]: tls alert (read): warning: close notify
2017.09.13 17:34:37 log6[8]: tls closed (ssl_read)
2017.09.13 17:34:37 log7[8]: sent socket write shutdown
2017.09.13 17:34:37 log6[8]: read socket closed (readsocket)
2017.09.13 17:34:37 log7[8]: sending close_notify alert
2017.09.13 17:34:37 log7[8]: tls alert (write): warning: close notify
2017.09.13 17:34:37 log6[8]: ssl_shutdown sent close_notify alert
2017.09.13 17:34:37 log5[8]: connection closed: 12261 byte(s) sent tls, 0 byte(s) sent socket
2017.09.13 17:34:37 log7[8]: remote descriptor (fd=652) closed
2017.09.13 17:34:37 log7[8]: local descriptor (fd=852) closed
2017.09.13 17:34:37 log7[8]: service [nhinpatientdiscovery] finished (0 left)
2017.09.13 17:34:37 log4[8]: possible memory leak @ .\crypto\asn1\tasn_new.c:179: 59297 allocations
Regards,
Aritra
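
An added example, not part of the original post: a small Python check that reads a stunnel client configuration and debug log like the ones above and reports three conditions visible in them (server certificate not verified, a client certificate requested while no cert option is set, and bytes sent over TLS with nothing relayed back to the local socket). The function names and finding codes are made up for this example; the sample log lines and configuration are copied from the post in the form they appear on this page.

```python
import re

# Excerpt of the debug log from the post, in the form it appears on this page.
SAMPLE_LOG = """\
2017.09.13 17:34:35 log6[8]: peer certificate not required
2017.09.13 17:34:36 log6[8]: certificate verification disabled
2017.09.13 17:34:36 log7[8]: tls state (connect): sslv3 read server certificate request
2017.09.13 17:34:36 log7[8]: tls state (connect): sslv3 write client certificate
2017.09.13 17:34:36 log6[8]: tls connected: new session negotiated
2017.09.13 17:34:37 log7[8]: tls alert (read): warning: close notify
2017.09.13 17:34:37 log5[8]: connection closed: 12261 byte(s) sent tls, 0 byte(s) sent socket
"""

# The [mirth] service section from the post.
SAMPLE_CONF = """\
[mirth]
client = yes
accept = 127.0.0.1:9000
connect = dilhn003.dil.aegis.net:443
cafile = ca-certs.pem
"""

# Tolerates both "sent to TLS" (stunnel's wording) and the form shown on this page.
CLOSED = re.compile(r"connection closed: (\d+) byte\(s\) sent (?:to )?(?:tls|ssl), "
                    r"(\d+) byte\(s\) sent (?:to )?socket", re.I)

def conf_options(conf_text):
    """Option names (lowercased) set in the stunnel configuration text."""
    opts = set()
    for line in conf_text.splitlines():
        line = line.strip()
        if "=" in line and not line.startswith((";", "#", "[")):
            opts.add(line.split("=", 1)[0].strip().lower())
    return opts

def triage(log_text, conf_text):
    """Return finding codes (names invented here) for a client-mode stunnel session."""
    opts, low, findings = conf_options(conf_text), log_text.lower(), []
    # cafile alone does not turn verification on; stunnel logs that it is off.
    if "certificate verification disabled" in low and not opts & {"verify", "verifychain", "verifypeer"}:
        findings.append("server-cert-not-verified")
    # Server sent a CertificateRequest but no client certificate is configured.
    if "read server certificate request" in low and "cert" not in opts:
        findings.append("client-cert-requested-none-configured")
    # Bytes went out over TLS, nothing was relayed back to the local socket.
    m = CLOSED.search(log_text)
    if m and int(m.group(1)) > 0 and int(m.group(2)) == 0:
        findings.append("no-bytes-returned-to-local-client")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG, SAMPLE_CONF)))
```

The findings are observations about the log and configuration, not a confirmed root cause; the server's own logs would show why it closed the session.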