Ключевое слово в защите информации
КЛЮЧЕВОЕ СЛОВО
в защите информации
Получить ГОСТ TLS-сертификат для домена (SSL-сертификат)
Добро пожаловать, Гость! Чтобы использовать все возможности Вход или Регистрация.

Уведомление

Icon
Error
Установка и настройка STUNNEL под Linux,AIX,Solaris
Опции
К последнему сообщению К первому непрочитанному
Предыдущая тема Следующая тема
Offline million  
#1 Оставлено : 18 октября 2010 г. 0:32:37(UTC)
million

Статус: Новичок

Группы: Участники
Зарегистрирован: 03.10.2010(UTC)
Сообщений: 4
Откуда: Tula
Добрый день всем.

Возникла проблема настройки STUNNEL Крипто-Про под Linux, AIX, Solaris.
Установил Крипто-Про CSP 3.6R1 и пакет с STUNNEL.
Дальше получаю сертификаты клиента и сервера:
Код:

/opt/cprocsp/bin/ia32/cryptcp -creatcert -dn "CN=linux-mil" -both -cont "\\\\.\\HDIMAGE\\tlsserver" -ku -certusage "1.3.6.1.5.5.7.3.1" -ca http://www.cryptopro.ru/certsrv
/opt/cprocsp/bin/ia32/cryptcp -creatcert -dn "CN=mil"       -both -cont "\\\\.\\HDIMAGE\\tlsclient" -ku -certusage "1.3.6.1.5.5.7.3.2" -ca http://www.cryptopro.ru/certsrv

Дальше экспортирую ключи в файл в DER формате:
Код:

/opt/cprocsp/bin/ia32/certmgr -export -store My -cert -dest ~/cprocsp/stunnel/server-gost.crt
/opt/cprocsp/bin/ia32/certmgr -export -store My -cert -dest ~/cprocsp/stunnel/client-gost.crt

Устанавливаю под root корневой сертификат УЦ забрав по ссылке http://www.cryptopro.ru/certsrv/certcarc.asp
Код:

/opt/cprocsp/bin/ia32/certmgr -inst -store Root -file ~/cprocsp/stunnel/root-gost.cer


Дальше настриваю конфигурационный файл клиента STUNNEL
Код:

; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)

; Certificate/key is needed in server mode and optional in client mode
cert = /mil/home/cprocsp/stunnel/client-gost.crt
;key = /mil/home/cprocsp/stunnel/linux-mil.key

; Protocol version (all, SSLv2, SSLv3, TLSv1)
;sslVersion = SSLv3

; Some security enhancements for UNIX systems - comment them out on Win32
;chroot = /opt/cprocsp/var/lib/stunnel/
;setuid = root
;setgid = root
; PID is created inside chroot jail
pid = /home/mil/cprocsp/stunnel/stunnel-client.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
CAfile = /mil/home/cprocsp/stunnel/root-gost.crt
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /mil/home/cprocsp/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
debug = 7
output = /home/mil/cprocsp/stunnel/stunnel-client.log

; Use it for client mode
client = yes

[https]
accept  = localhost:9443
connect = www.cryptopro.ru:9443
;TIMEOUTclose = 0

; vim:ft=dosini


Запускаю, захожу по ссылке http://localhost:9443/cryptopro/products/csp/test/tls-cli.asp
ничего не отображается и смотрю лог:
Код:

2010.10.17 19:45:20 LOG5[10459:0]: stunnel 4.18 on i686-pc-linux-gnu
2010.10.17 19:45:20 LOG5[10459:0]: Threading:FORK Sockets:POLL,IPv4 Auth:LIBWRAP
2010.10.17 19:45:20 LOG6[10459:0]: file ulimit = 1024 (can be changed with 'ulimit -n')
2010.10.17 19:45:20 LOG6[10459:0]: poll() used - no FD_SETSIZE limit for file descriptors
2010.10.17 19:45:20 LOG5[10459:0]: 0 clients allowed
2010.10.17 19:45:20 LOG7[10459:0]: FD 5 in non-blocking mode
2010.10.17 19:45:20 LOG7[10459:0]: FD 6 in non-blocking mode
2010.10.17 19:45:20 LOG7[10459:0]: FD 7 in non-blocking mode
2010.10.17 19:45:20 LOG7[10459:0]: SO_REUSEADDR option set on accept socket
2010.10.17 19:45:20 LOG7[10459:0]: https bound to 127.0.0.1:9443
2010.10.17 19:45:20 LOG7[10462:0]: Created pid file /home/mil/cprocsp/stunnel/stunnel-client.pid
2010.10.17 19:45:44 LOG7[10462:0]: https accepted FD=9 from 127.0.0.1:45817
2010.10.17 19:45:44 LOG7[10467:0]: client start
2010.10.17 19:45:44 LOG7[10467:0]: https started
2010.10.17 19:45:44 LOG7[10467:0]: FD 9 in non-blocking mode
2010.10.17 19:45:44 LOG7[10467:0]: TCP_NODELAY option set on local socket
2010.10.17 19:45:44 LOG7[10467:0]: FD 7 in non-blocking mode
2010.10.17 19:45:44 LOG7[10467:0]: FD 10 in non-blocking mode
2010.10.17 19:45:44 LOG7[10467:0]: Connection from 127.0.0.1:45817 permitted by libwrap
2010.10.17 19:45:44 LOG5[10467:0]: https connected from 127.0.0.1:45817
2010.10.17 19:45:44 LOG7[10467:0]: FD 12 in non-blocking mode
2010.10.17 19:45:44 LOG7[10467:0]: https connecting 
2010.10.17 19:45:44 LOG7[10467:0]: connect_wait: waiting 10 seconds
2010.10.17 19:45:44 LOG7[10467:0]: connect_wait: connected
2010.10.17 19:45:44 LOG7[10467:0]: Remote FD=12 initialized
2010.10.17 19:45:44 LOG7[10467:0]: TCP_NODELAY option set on remote socket
2010.10.17 19:45:44 LOG7[10467:0]: start SSPI connect
2010.10.17 19:45:44 LOG3[10467:0]: open(/mil/home/cprocsp/stunnel/client-gost.crt) failed: 0d 

2010.10.17 19:45:44 LOG3[10467:0]: Error creating credentials
2010.10.17 19:45:44 LOG5[10467:0]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2010.10.17 19:45:44 LOG7[10467:0]: free Buffers
2010.10.17 19:45:44 LOG7[10467:0]: delete c->hClientCreds
2010.10.17 19:45:44 LOG5[10467:0]: incomp_mess = 0, extra_data = 0
2010.10.17 19:45:44 LOG7[10467:0]: removing pid file /home/mil/cprocsp/stunnel/stunnel-client.pid
2010.10.17 19:45:44 LOG7[10462:0]: Cleaning up the signal pipe
2010.10.17 19:45:44 LOG7[10462:0]: Process 10467 finished with code 0 (0 left)


Короче ошибка :(
2010.10.17 19:45:44 LOG3[10467:0]: open(/mil/home/cprocsp/stunnel/client-gost.crt) failed: 0d
2010.10.17 19:45:44 LOG3[10467:0]: Error creating credentials

Создаю конфигурационный файл сервера STUNNEL
Код:

; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)

; Certificate/key is needed in server mode and optional in client mode
cert = /mil/home/cprocsp/stunnel/server-gost.crt
;key = /mil/home/cprocsp/stunnel/linux-mil.key

; Protocol version (all, SSLv2, SSLv3, TLSv1)
;sslVersion = SSLv3

; Some security enhancements for UNIX systems - comment them out on Win32
;chroot = /opt/cprocsp/var/lib/stunnel/
;setuid = root
;setgid = root
; PID is created inside chroot jail
pid = /home/mil/cprocsp/stunnel/stunnel-server.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
CAfile = /mil/home/cprocsp/stunnel/root-gost.crt
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /mil/home/cprocsp/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
debug = 7
output = /home/mil/cprocsp/stunnel/stunnel-server.log

; Use it for client mode
;client = yes

; Service-level configuration

[https]
accept  = 7443
connect = localhost:7777
;TIMEOUTclose = 0

; vim:ft=dosini


запускаю и смотрю лог
Код:

2010.10.17 18:17:23 LOG5[9724:0]: stunnel 4.18 on i686-pc-linux-gnu
2010.10.17 18:17:23 LOG5[9724:0]: Threading:FORK Sockets:POLL,IPv4 Auth:LIBWRAP
2010.10.17 18:17:23 LOG6[9724:0]: file ulimit = 1024 (can be changed with 'ulimit -n')
2010.10.17 18:17:23 LOG6[9724:0]: poll() used - no FD_SETSIZE limit for file descriptors
2010.10.17 18:17:23 LOG5[9724:0]: 0 clients allowed
2010.10.17 18:17:23 LOG7[9724:0]: FD 5 in non-blocking mode
2010.10.17 18:17:23 LOG7[9724:0]: FD 6 in non-blocking mode
2010.10.17 18:17:23 LOG7[9724:0]: FD 7 in non-blocking mode
2010.10.17 18:17:23 LOG7[9724:0]: SO_REUSEADDR option set on accept socket
2010.10.17 18:17:23 LOG7[9724:0]: https bound to 0.0.0.0:7443
2010.10.17 18:17:23 LOG7[9725:0]: Created pid file /home/mil/cprocsp/stunnel/stunnel-server.pid
2010.10.17 18:17:23 LOG3[9725:0]: open(/mil/home/cprocsp/stunnel/server-gost.crt) failed: 0d 

2010.10.17 18:17:23 LOG3[9725:0]: Error creating credentials

2010.10.17 18:17:23 LOG7[9725:0]: removing pid file /home/mil/cprocsp/stunnel/stunnel-server.pid


короче снова таже ошибка:
2010.10.17 18:17:23 LOG3[9725:0]: open(/mil/home/cprocsp/stunnel/server-gost.crt) failed: 0d
2010.10.17 18:17:23 LOG3[9725:0]: Error creating credentials


Все аналогично на каждой из платформ Linux, AIX, Solaris. Правда после запуска STUNNEL под AIX он перегрузился, ну это другая уже беда.

Помогите разобраться в чем дело. Что не так с сертификатами. Вроде корневой сертификат CA установлен, пробовал во все хранилища ставить и My и CA и Root.
:(
Вверх
WWW

Wanna join the discussion?! Login to your Форум КриптоПро forum accountor Register a new forum account.
Вверх  
Offline Татьяна  
#2 Оставлено : 18 октября 2010 г. 14:58:47(UTC)
Татьяна

Статус: Сотрудник

Группы: Участники
Зарегистрирован: 06.02.2008(UTC)
Сообщений: 1,491
Откуда: Крипто-Про

Поблагодарили: 40 раз в 37 постах
все действия(установку сертификатов, запуск stunnel, запуск клиентского приложения) делаете от имени одного и того же пользователя?
на файл /mil/home/cprocsp/stunnel/client-gost.crt есть права?

Точно должно быть именно /mil/home ? может /home/mil ? :)
Татьяна
ООО Крипто-Про
Вверх
Offline million  
#3 Оставлено : 18 октября 2010 г. 16:06:26(UTC)
million

Статус: Новичок

Группы: Участники
Зарегистрирован: 03.10.2010(UTC)
Сообщений: 4
Откуда: Tula
Спасибо большое. Слона то я и не заметил. Путь то неверный к файлу. :(
Сейчас исправлю и проверю.
Вверх
WWW
Offline million  
#4 Оставлено : 18 октября 2010 г. 16:11:08(UTC)
million

Статус: Новичок

Группы: Участники
Зарегистрирован: 03.10.2010(UTC)
Сообщений: 4
Откуда: Tula
Поправил, но клиент все равно не работает. :( не могу открыть тестовую страницу с ваего сайта по https. Корневая по https открывается, но вот тестовая нет :(
вот лог
[code]
2010.10.18 12:02:17 LOG5[4413:0]: stunnel 4.18 on i686-pc-linux-gnu
2010.10.18 12:02:17 LOG5[4413:0]: Threading:FORK Sockets:POLL,IPv4 Auth:LIBWRAP
2010.10.18 12:02:17 LOG6[4413:0]: file ulimit = 1024 (can be changed with 'ulimit -n')
2010.10.18 12:02:17 LOG6[4413:0]: poll() used - no FD_SETSIZE limit for file descriptors
2010.10.18 12:02:17 LOG5[4413:0]: 0 clients allowed
2010.10.18 12:02:17 LOG7[4413:0]: FD 5 in non-blocking mode
2010.10.18 12:02:17 LOG7[4413:0]: FD 6 in non-blocking mode
2010.10.18 12:02:17 LOG7[4413:0]: FD 7 in non-blocking mode
2010.10.18 12:02:17 LOG7[4413:0]: SO_REUSEADDR option set on accept socket
2010.10.18 12:02:17 LOG7[4413:0]: https bound to 127.0.0.1:9443
2010.10.18 12:02:17 LOG7[4415:0]: Created pid file /home/mil/cprocsp/stunnel/stunnel-client.pid
2010.10.18 12:02:30 LOG7[4415:0]: https accepted FD=9 from 127.0.0.1:26139
2010.10.18 12:02:30 LOG7[4418:0]: client start
2010.10.18 12:02:30 LOG7[4418:0]: https started
2010.10.18 12:02:30 LOG7[4418:0]: FD 9 in non-blocking mode
2010.10.18 12:02:30 LOG7[4418:0]: TCP_NODELAY option set on local socket
2010.10.18 12:02:30 LOG7[4418:0]: FD 7 in non-blocking mode
2010.10.18 12:02:30 LOG7[4418:0]: FD 10 in non-blocking mode
2010.10.18 12:02:30 LOG7[4418:0]: Connection from 127.0.0.1:26139 permitted by libwrap
2010.10.18 12:02:30 LOG5[4418:0]: https connected from 127.0.0.1:26139
2010.10.18 12:02:30 LOG7[4418:0]: FD 12 in non-blocking mode
2010.10.18 12:02:30 LOG7[4418:0]: https connecting
2010.10.18 12:02:30 LOG7[4418:0]: connect_wait: waiting 10 seconds
2010.10.18 12:02:30 LOG7[4418:0]: connect_wait: connected
2010.10.18 12:02:30 LOG7[4418:0]: Remote FD=12 initialized
2010.10.18 12:02:30 LOG7[4418:0]: TCP_NODELAY option set on remote socket
2010.10.18 12:02:30 LOG7[4418:0]: start SSPI connect
2010.10.18 12:02:30 LOG7[4418:0]: open file /home/mil/cprocsp/stunnel/client-gost.crt with certificate
2010.10.18 12:02:30 LOG3[4418:0]: Credentials compleet
2010.10.18 12:02:30 LOG7[4418:0]: 96 bytes of handshake data sent
2010.10.18 12:02:30 LOG5[4418:0]: 524 bytes of handshake(in handshake loop) data received.
2010.10.18 12:02:30 LOG5[4418:0]: 524 bytes of handshake(in handshake loop) data received.
2010.10.18 12:02:30 LOG5[4418:0]: 101 bytes of handshake(in handshake loop) data received.
2010.10.18 12:02:30 LOG5[4418:0]: 210 bytes of handshake data sent
2010.10.18 12:02:30 LOG5[4418:0]: 31 bytes of handshake(in handshake loop) data received.
2010.10.18 12:02:30 LOG5[4418:0]: Handshake was successful
2010.10.18 12:02:30 LOG5[4418:0]: PerformClientHandshake finish
2010.10.18 12:02:30 LOG5[4418:0]: Server subject: E=support@cryptopro.ru, C=RU, L=������, O=��� ������-���, CN=���-������ ��� ������-���
2010.10.18 12:02:30 LOG5[4418:0]: Server issuer: E=info@cryptopro.ru, C=RU, O=CRYPTO-PRO, CN=Test Center CRYPTO-PRO
2010.10.18 12:02:30 LOG5[4418:0]: Protocol: TLS1
2010.10.18 12:02:30 LOG5[4418:0]: Cipher: Gost 28147-89
2010.10.18 12:02:30 LOG5[4418:0]: Cipher strength: 256
2010.10.18 12:02:30 LOG5[4418:0]: Hash: Gost R 34.11-94
2010.10.18 12:02:30 LOG5[4418:0]: Hash strength: 256
2010.10.18 12:02:30 LOG5[4418:0]: Key exchange: 0xaa25
2010.10.18 12:02:30 LOG5[4418:0]: Key exchange strength: 512
2010.10.18 12:02:30 LOG7[4418:0]: Handshake_done
2010.10.18 12:02:30 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:02:30 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 0
2010.10.18 12:02:30 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:02:30 LOG7[4418:0]: data reciev from socket = 485
2010.10.18 12:02:30 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:02:30 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=485,want_rd = 0
2010.10.18 12:02:30 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:02:30 LOG5[4418:0]: SSPI_write start
2010.10.18 12:02:30 LOG7[4418:0]: SSPI_write data is GET
2010.10.18 12:02:30 LOG7[4418:0]: send all data after encrypt
2010.10.18 12:02:30 LOG7[4418:0]: data send to ssl_socket =485
2010.10.18 12:02:30 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:02:30 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 0
2010.10.18 12:02:30 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:02:30 LOG7[4418:0]: SSPI_read start
2010.10.18 12:02:30 LOG7[4418:0]: recv ok on SSPI_read err= 524
2010.10.18 12:02:30 LOG5[4418:0]: Received 524 bytes from ssl socket
2010.10.18 12:02:30 LOG7[4418:0]: Zerro bytes read
2010.10.18 12:02:30 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:02:30 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 1
2010.10.18 12:02:30 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:02:30 LOG7[4418:0]: SSPI_read start
2010.10.18 12:02:30 LOG7[4418:0]: add data from last call = 524
2010.10.18 12:02:30 LOG7[4418:0]: recv ok on SSPI_read err= 524
2010.10.18 12:02:30 LOG5[4418:0]: Received 524 bytes from ssl socket
2010.10.18 12:02:30 LOG7[4418:0]: Zerro bytes read
2010.10.18 12:02:30 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:02:30 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 1
2010.10.18 12:02:30 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:02:30 LOG7[4418:0]: SSPI_read start
2010.10.18 12:02:30 LOG7[4418:0]: add data from last call = 1048
2010.10.18 12:02:30 LOG7[4418:0]: recv ok on SSPI_read err= 524
2010.10.18 12:02:30 LOG5[4418:0]: Received 524 bytes from ssl socket
2010.10.18 12:02:30 LOG7[4418:0]: Zerro bytes read
2010.10.18 12:02:30 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:02:30 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 1
2010.10.18 12:02:30 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:02:30 LOG7[4418:0]: SSPI_read start
2010.10.18 12:02:30 LOG7[4418:0]: add data from last call = 1572
2010.10.18 12:02:30 LOG7[4418:0]: recv ok on SSPI_read err= 359
2010.10.18 12:02:30 LOG5[4418:0]: Received 359 bytes from ssl socket
2010.10.18 12:02:30 LOG7[4418:0]: SSPI_read data in ssl_buff is HTTP
2010.10.18 12:02:30 LOG7[4418:0]: data read from ssl_sock =1922
2010.10.18 12:02:30 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:02:30 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 1922,c->sock_ptr=0,want_rd = 0
2010.10.18 12:02:30 LOG7[4418:0]: add write socket to poll
2010.10.18 12:02:30 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:02:30 LOG7[4418:0]: data send to socket = 1922
2010.10.18 12:02:30 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:02:30 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 0
2010.10.18 12:02:30 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:02:31 LOG7[4418:0]: data reciev from socket = 436
2010.10.18 12:02:31 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:02:31 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=436,want_rd = 0
2010.10.18 12:02:31 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:02:31 LOG5[4418:0]: SSPI_write start
2010.10.18 12:02:31 LOG7[4418:0]: SSPI_write data is GET
2010.10.18 12:02:31 LOG7[4418:0]: send all data after encrypt
2010.10.18 12:02:31 LOG7[4418:0]: data send to ssl_socket =436
2010.10.18 12:02:31 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:02:31 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 0
2010.10.18 12:02:31 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:02:31 LOG7[4418:0]: SSPI_read start
2010.10.18 12:02:31 LOG7[4418:0]: recv ok on SSPI_read err= 644
2010.10.18 12:02:31 LOG5[4418:0]: Received 644 bytes from ssl socket
2010.10.18 12:02:31 LOG7[4418:0]: SSPI_read data in ssl_buff is HTTP
2010.10.18 12:02:31 LOG7[4418:0]: data read from ssl_sock =635
2010.10.18 12:02:31 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:02:31 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 635,c->sock_ptr=0,want_rd = 0
2010.10.18 12:02:31 LOG7[4418:0]: add write socket to poll
2010.10.18 12:02:31 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:02:31 LOG7[4418:0]: data send to socket = 635
2010.10.18 12:02:31 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:02:31 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 0
2010.10.18 12:02:31 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:03:47 LOG7[4418:0]: data reciev from socket = 485
2010.10.18 12:03:47 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:03:47 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=485,want_rd = 0
2010.10.18 12:03:47 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:03:47 LOG5[4418:0]: SSPI_write start
2010.10.18 12:03:47 LOG7[4418:0]: SSPI_write data is GET
2010.10.18 12:03:47 LOG7[4418:0]: send all data after encrypt
2010.10.18 12:03:47 LOG7[4418:0]: data send to ssl_socket =485
2010.10.18 12:03:47 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:03:47 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 0
2010.10.18 12:03:47 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:03:47 LOG7[4418:0]: SSPI_read start
2010.10.18 12:03:47 LOG7[4418:0]: recv ok on SSPI_read err= 524
2010.10.18 12:03:47 LOG5[4418:0]: Received 524 bytes from ssl socket
2010.10.18 12:03:47 LOG7[4418:0]: Zerro bytes read
2010.10.18 12:03:47 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:03:47 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 1
2010.10.18 12:03:47 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:03:47 LOG7[4418:0]: SSPI_read start
2010.10.18 12:03:47 LOG7[4418:0]: add data from last call = 524
2010.10.18 12:03:47 LOG7[4418:0]: recv ok on SSPI_read err= 524
2010.10.18 12:03:47 LOG5[4418:0]: Received 524 bytes from ssl socket
2010.10.18 12:03:47 LOG7[4418:0]: Zerro bytes read
2010.10.18 12:03:47 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:03:47 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 1
2010.10.18 12:03:47 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:03:47 LOG7[4418:0]: SSPI_read start
2010.10.18 12:03:47 LOG7[4418:0]: add data from last call = 1048
2010.10.18 12:03:47 LOG7[4418:0]: recv ok on SSPI_read err= 524
2010.10.18 12:03:47 LOG5[4418:0]: Received 524 bytes from ssl socket
2010.10.18 12:03:47 LOG7[4418:0]: Zerro bytes read
2010.10.18 12:03:47 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:03:47 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 1
2010.10.18 12:03:47 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:03:47 LOG7[4418:0]: SSPI_read start
2010.10.18 12:03:47 LOG7[4418:0]: add data from last call = 1572
2010.10.18 12:03:47 LOG7[4418:0]: recv ok on SSPI_read err= 359
2010.10.18 12:03:47 LOG5[4418:0]: Received 359 bytes from ssl socket
2010.10.18 12:03:47 LOG7[4418:0]: SSPI_read data in ssl_buff is HTTP
2010.10.18 12:03:47 LOG7[4418:0]: data read from ssl_sock =1922
2010.10.18 12:03:47 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:03:47 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 1922,c->sock_ptr=0,want_rd = 0
2010.10.18 12:03:47 LOG7[4418:0]: add write socket to poll
2010.10.18 12:03:47 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:03:47 LOG7[4418:0]: data send to socket = 1922
2010.10.18 12:03:47 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:03:47 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 0
2010.10.18 12:03:47 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:03:51 LOG7[4418:0]: data reciev from socket = 511
2010.10.18 12:03:51 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:03:51 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=511,want_rd = 0
2010.10.18 12:03:51 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:03:51 LOG5[4418:0]: SSPI_write start
2010.10.18 12:03:51 LOG7[4418:0]: SSPI_write data is GET
2010.10.18 12:03:51 LOG7[4418:0]: send all data after encrypt
2010.10.18 12:03:51 LOG7[4418:0]: data send to ssl_socket =511
2010.10.18 12:03:51 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:03:51 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 0
2010.10.18 12:03:51 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:03:51 LOG7[4418:0]: SSPI_read start
2010.10.18 12:03:51 LOG7[4418:0]: recv ok on SSPI_read err= 524
2010.10.18 12:03:51 LOG5[4418:0]: Received 524 bytes from ssl socket
2010.10.18 12:03:51 LOG7[4418:0]: Zerro bytes read
2010.10.18 12:03:51 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:03:51 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 1
2010.10.18 12:03:51 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:03:51 LOG7[4418:0]: SSPI_read start
2010.10.18 12:03:51 LOG7[4418:0]: add data from last call = 524
2010.10.18 12:03:51 LOG7[4418:0]: recv ok on SSPI_read err= 524
2010.10.18 12:03:51 LOG5[4418:0]: Received 524 bytes from ssl socket
2010.10.18 12:03:51 LOG7[4418:0]: Zerro bytes read
2010.10.18 12:03:51 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:03:51 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 1
2010.10.18 12:03:51 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:03:51 LOG7[4418:0]: SSPI_read start
2010.10.18 12:03:51 LOG7[4418:0]: add data from last call = 1048
2010.10.18 12:03:51 LOG7[4418:0]: recv ok on SSPI_read err= 883
2010.10.18 12:03:51 LOG5[4418:0]: Received 883 bytes from ssl socket
2010.10.18 12:03:51 LOG7[4418:0]: SSPI_read data in ssl_buff is HTTP
2010.10.18 12:03:51 LOG7[4418:0]: data read from ssl_sock =1922
2010.10.18 12:03:51 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:03:51 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 1922,c->sock_ptr=0,want_rd = 0
2010.10.18 12:03:51 LOG7[4418:0]: add write socket to poll
2010.10.18 12:03:51 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:03:51 LOG7[4418:0]: data send to socket = 1922
2010.10.18 12:03:51 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:03:51 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 0
2010.10.18 12:03:51 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:09 LOG7[4418:0]: data reciev from socket = 474
2010.10.18 12:04:09 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:09 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=474,want_rd = 0
2010.10.18 12:04:09 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:09 LOG5[4418:0]: SSPI_write start
2010.10.18 12:04:09 LOG7[4418:0]: SSPI_write data is GET
2010.10.18 12:04:09 LOG7[4418:0]: send all data after encrypt
2010.10.18 12:04:09 LOG7[4418:0]: data send to ssl_socket =474
2010.10.18 12:04:09 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:09 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 0
2010.10.18 12:04:09 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:09 LOG7[4418:0]: SSPI_read start
2010.10.18 12:04:09 LOG7[4418:0]: recv ok on SSPI_read err= 524
2010.10.18 12:04:09 LOG5[4418:0]: Received 524 bytes from ssl socket
2010.10.18 12:04:09 LOG7[4418:0]: Zerro bytes read
2010.10.18 12:04:09 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:09 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 1
2010.10.18 12:04:09 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:09 LOG7[4418:0]: SSPI_read start
2010.10.18 12:04:09 LOG7[4418:0]: add data from last call = 524
2010.10.18 12:04:09 LOG7[4418:0]: recv ok on SSPI_read err= 524
2010.10.18 12:04:09 LOG5[4418:0]: Received 524 bytes from ssl socket
2010.10.18 12:04:09 LOG7[4418:0]: Zerro bytes read
2010.10.18 12:04:09 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:09 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 1
2010.10.18 12:04:09 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:09 LOG7[4418:0]: SSPI_read start
2010.10.18 12:04:09 LOG7[4418:0]: add data from last call = 1048
2010.10.18 12:04:09 LOG7[4418:0]: recv ok on SSPI_read err= 883
2010.10.18 12:04:09 LOG5[4418:0]: Received 883 bytes from ssl socket
2010.10.18 12:04:09 LOG7[4418:0]: SSPI_read data in ssl_buff is HTTP
2010.10.18 12:04:09 LOG7[4418:0]: data read from ssl_sock =1922
2010.10.18 12:04:09 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:09 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 1922,c->sock_ptr=0,want_rd = 0
2010.10.18 12:04:09 LOG7[4418:0]: add write socket to poll
2010.10.18 12:04:09 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:09 LOG7[4418:0]: data send to socket = 1922
2010.10.18 12:04:09 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:09 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 0
2010.10.18 12:04:09 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:20 LOG7[4418:0]: data reciev from socket = 455
2010.10.18 12:04:20 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:20 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=455,want_rd = 0
2010.10.18 12:04:20 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:20 LOG5[4418:0]: SSPI_write start
2010.10.18 12:04:20 LOG7[4418:0]: SSPI_write data is GET
2010.10.18 12:04:20 LOG7[4418:0]: send all data after encrypt
2010.10.18 12:04:20 LOG7[4418:0]: data send to ssl_socket =455
2010.10.18 12:04:20 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:20 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 0
2010.10.18 12:04:20 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:20 LOG7[4418:0]: SSPI_read start
2010.10.18 12:04:20 LOG7[4418:0]: recv ok on SSPI_read err= 472
2010.10.18 12:04:20 LOG5[4418:0]: Received 472 bytes from ssl socket
2010.10.18 12:04:20 LOG7[4418:0]: SSPI_read data in ssl_buff is HTTP
2010.10.18 12:04:20 LOG7[4418:0]: data read from ssl_sock =463
2010.10.18 12:04:20 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:20 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 463,c->sock_ptr=0,want_rd = 0
2010.10.18 12:04:20 LOG7[4418:0]: add write socket to poll
2010.10.18 12:04:20 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:20 LOG7[4418:0]: data send to socket = 463
2010.10.18 12:04:20 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:20 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 0
2010.10.18 12:04:20 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:20 LOG7[4418:0]: data reciev from socket = 523
2010.10.18 12:04:20 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:20 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=523,want_rd = 0
2010.10.18 12:04:20 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:20 LOG5[4418:0]: SSPI_write start
2010.10.18 12:04:20 LOG7[4418:0]: SSPI_write data is GET
2010.10.18 12:04:20 LOG7[4418:0]: send all data after encrypt
2010.10.18 12:04:20 LOG7[4418:0]: data send to ssl_socket =523
2010.10.18 12:04:20 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:20 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 0
2010.10.18 12:04:20 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:20 LOG7[4418:0]: SSPI_read start
2010.10.18 12:04:20 LOG7[4418:0]: recv ok on SSPI_read err= 524
2010.10.18 12:04:20 LOG5[4418:0]: Received 524 bytes from ssl socket
2010.10.18 12:04:20 LOG7[4418:0]: Zerro bytes read
2010.10.18 12:04:20 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:20 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 1
2010.10.18 12:04:20 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:20 LOG7[4418:0]: SSPI_read start
2010.10.18 12:04:20 LOG7[4418:0]: add data from last call = 524
2010.10.18 12:04:20 LOG7[4418:0]: recv ok on SSPI_read err= 524
2010.10.18 12:04:20 LOG5[4418:0]: Received 524 bytes from ssl socket
2010.10.18 12:04:20 LOG7[4418:0]: Zerro bytes read
2010.10.18 12:04:20 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:20 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 1
2010.10.18 12:04:20 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:20 LOG7[4418:0]: SSPI_read start
2010.10.18 12:04:20 LOG7[4418:0]: add data from last call = 1048
2010.10.18 12:04:20 LOG7[4418:0]: recv ok on SSPI_read err= 512
2010.10.18 12:04:20 LOG5[4418:0]: Received 512 bytes from ssl socket
2010.10.18 12:04:20 LOG7[4418:0]: Zerro bytes read
2010.10.18 12:04:20 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:20 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 1
2010.10.18 12:04:20 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:20 LOG7[4418:0]: SSPI_read start
2010.10.18 12:04:20 LOG7[4418:0]: add data from last call = 1560
2010.10.18 12:04:20 LOG7[4418:0]: recv ok on SSPI_read err= 1060
2010.10.18 12:04:20 LOG5[4418:0]: Received 1060 bytes from ssl socket
2010.10.18 12:04:20 LOG7[4418:0]: Zerro bytes read
2010.10.18 12:04:20 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:20 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 1
2010.10.18 12:04:20 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:20 LOG7[4418:0]: SSPI_read start
2010.10.18 12:04:20 LOG7[4418:0]: add data from last call = 2620
2010.10.18 12:04:20 LOG7[4418:0]: recv ok on SSPI_read err= 524
2010.10.18 12:04:20 LOG5[4418:0]: Received 524 bytes from ssl socket
2010.10.18 12:04:20 LOG7[4418:0]: Zerro bytes read
2010.10.18 12:04:20 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:20 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 1
2010.10.18 12:04:20 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:20 LOG7[4418:0]: SSPI_read start
2010.10.18 12:04:20 LOG7[4418:0]: add data from last call = 3144
2010.10.18 12:04:20 LOG7[4418:0]: recv ok on SSPI_read err= 524
2010.10.18 12:04:20 LOG5[4418:0]: Received 524 bytes from ssl socket
2010.10.18 12:04:20 LOG7[4418:0]: Zerro bytes read
2010.10.18 12:04:20 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:20 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 1
2010.10.18 12:04:20 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:20 LOG7[4418:0]: SSPI_read start
2010.10.18 12:04:20 LOG7[4418:0]: add data from last call = 3668
2010.10.18 12:04:20 LOG7[4418:0]: recv ok on SSPI_read err= 524
2010.10.18 12:04:20 LOG5[4418:0]: Received 524 bytes from ssl socket
2010.10.18 12:04:20 LOG7[4418:0]: Zerro bytes read
2010.10.18 12:04:20 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:20 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 1
2010.10.18 12:04:20 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:21 LOG7[4418:0]: SSPI_read start
2010.10.18 12:04:21 LOG7[4418:0]: add data from last call = 4192
2010.10.18 12:04:21 LOG7[4418:0]: recv ok on SSPI_read err= 3144
2010.10.18 12:04:21 LOG5[4418:0]: Received 3144 bytes from ssl socket
2010.10.18 12:04:21 LOG7[4418:0]: Zerro bytes read
2010.10.18 12:04:21 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:21 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 1
2010.10.18 12:04:21 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:21 LOG7[4418:0]: SSPI_read start
2010.10.18 12:04:21 LOG7[4418:0]: add data from last call = 7336
2010.10.18 12:04:21 LOG7[4418:0]: recv ok on SSPI_read err= 6288
2010.10.18 12:04:21 LOG5[4418:0]: Received 6288 bytes from ssl socket
2010.10.18 12:04:21 LOG7[4418:0]: Zerro bytes read
2010.10.18 12:04:21 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:21 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 1
2010.10.18 12:04:21 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:21 LOG7[4418:0]: SSPI_read start
2010.10.18 12:04:21 LOG7[4418:0]: add data from last call = 13624
2010.10.18 12:04:21 LOG7[4418:0]: recv ok on SSPI_read err= 13121
2010.10.18 12:04:21 LOG5[4418:0]: Received 13121 bytes from ssl socket
2010.10.18 12:04:21 LOG7[4418:0]: Recieve 10357 bytes EXTRA_DATA
2010.10.18 12:04:21 LOG7[4418:0]: data read return 16379, c->ssl_ptr = 0
2010.10.18 12:04:21 LOG7[4418:0]: data read from ssl_sock =16379
2010.10.18 12:04:21 LOG7[4418:0]: add write socket to poll
2010.10.18 12:04:21 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:21 LOG7[4418:0]: data send to socket = 16379
2010.10.18 12:04:21 LOG7[4418:0]: SSPI_read start
2010.10.18 12:04:21 LOG7[4418:0]: add data from last call = 10357
2010.10.18 12:04:21 LOG7[4418:0]: SSPI_read data in ssl_buff is 77;&
2010.10.18 12:04:21 LOG7[4418:0]: data read from ssl_sock =10348
2010.10.18 12:04:21 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:21 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 10348,c->sock_ptr=0,want_rd = 0
2010.10.18 12:04:21 LOG7[4418:0]: add write socket to poll
2010.10.18 12:04:21 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:21 LOG7[4418:0]: data send to socket = 10348
2010.10.18 12:04:21 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:21 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 0
2010.10.18 12:04:21 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:21 LOG7[4418:0]: data reciev from socket = 535
2010.10.18 12:04:21 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:21 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=535,want_rd = 0
2010.10.18 12:04:21 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:21 LOG5[4418:0]: SSPI_write start
2010.10.18 12:04:21 LOG7[4418:0]: SSPI_write data is GET
2010.10.18 12:04:21 LOG7[4418:0]: send all data after encrypt
2010.10.18 12:04:21 LOG7[4418:0]: data send to ssl_socket =535
2010.10.18 12:04:21 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:21 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 0
2010.10.18 12:04:21 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:21 LOG7[4415:0]: https accepted FD=9 from 127.0.0.1:9623
2010.10.18 12:04:21 LOG7[4430:0]: client start
2010.10.18 12:04:21 LOG7[4430:0]: https started
2010.10.18 12:04:21 LOG7[4430:0]: FD 9 in non-blocking mode
2010.10.18 12:04:21 LOG7[4430:0]: TCP_NODELAY option set on local socket
2010.10.18 12:04:21 LOG7[4430:0]: FD 7 in non-blocking mode
2010.10.18 12:04:21 LOG7[4430:0]: FD 10 in non-blocking mode
2010.10.18 12:04:21 LOG7[4430:0]: Connection from 127.0.0.1:9623 permitted by libwrap
2010.10.18 12:04:21 LOG5[4430:0]: https connected from 127.0.0.1:9623
2010.10.18 12:04:21 LOG7[4430:0]: FD 12 in non-blocking mode
2010.10.18 12:04:21 LOG7[4430:0]: https connecting
2010.10.18 12:04:21 LOG7[4430:0]: connect_wait: waiting 10 seconds
2010.10.18 12:04:21 LOG7[4418:0]: SSPI_read start
2010.10.18 12:04:21 LOG7[4418:0]: recv ok on SSPI_read err= 524
2010.10.18 12:04:21 LOG5[4418:0]: Received 524 bytes from ssl socket
2010.10.18 12:04:21 LOG7[4418:0]: Zerro bytes read
2010.10.18 12:04:21 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:21 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 1
2010.10.18 12:04:21 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:21 LOG7[4418:0]: SSPI_read start
2010.10.18 12:04:21 LOG7[4418:0]: add data from last call = 524
2010.10.18 12:04:21 LOG7[4418:0]: recv ok on SSPI_read err= 524
2010.10.18 12:04:21 LOG5[4418:0]: Received 524 bytes from ssl socket
2010.10.18 12:04:21 LOG7[4418:0]: Zerro bytes read
2010.10.18 12:04:21 LOG7[4418:0]: add ssl read socket to pool
2010.10.18 12:04:21 LOG7[4418:0]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 1
2010.10.18 12:04:21 LOG7[4418:0]: Enter pool section on transfer
2010.10.18 12:04:21 LOG7[4430:0]: connect_wait: connected
2010.10.18 12:04:21 LOG7[4430:0]: Remote FD=12 initialized
2010.10.18 12:04:21 LOG7[4430:0]: TCP_NODELAY option set on remote socket
2010.10.18 12:04:21 LOG7[4430:0]: start SSPI connect
2010.10.18 12:04:21 LOG7[4430:0]: open file /home/mil/cprocsp/stunnel/client-gost.crt with certificate
2010.10.18 12:04:21 LOG7[4415:0]: https accepted FD=9 from 127.0.0.1:9626
2010.10.18 12:04:21 LOG7[4415:0]: https accepted FD=9 from 127.0.0.1:9627
2010.10.18 12:04:21 LOG7[4433:0]: client start
2010.10.18 12:04:21 LOG7[4433:0]: https started
2010.10.18 12:04:21 LOG7[4433:0]: FD 9 in non-blocking mode
2010.10.18 12:04:21 LOG7[4433:0]: TCP_NODELAY option set on local socket
2010.10.18 12:04:21 LOG7[4433:0]: FD 7 in non-blocking mode
2010.10.18 12:04:21 LOG7[4415:0]: https accepted FD=9 from 127.0.0.1:9628
2010.10.18 12:04:21 LOG7[4433:0]: FD 10 in non-blocking mode
2010.10.18 12:04:21 LOG7[4415:0]: https accepted FD=9 from 127.0.0.1:9629
2010.10.18 12:04:21 LOG7[4434:0]: client start
2010.10.18 12:04:21 LOG7[4434:0]: https started
2010.10.18 12:04:21 LOG7[4434:0]: FD 9 in non-blocking mode
2010.10.18 12:04:21 LOG7[4434:0]: TCP_NODELAY option set on local socket
2010.10.18 12:04:21 LOG7[4434:0]: FD 7 in non-blocking mode
2010.10.18 12:04:21 LOG7[4434:0]: FD 10 in non-blocking mode
2010.10.18 12:04:21 LOG7[4436:0]: client start
2010.10.18 12:04:21 LOG7[4436:0]: https started
2010.10.18 12:04:21 LOG7[4436:0]: FD 9 in non-blocking mode
2010.10.18 12:04:21 LOG7[4436:0]: TCP_NODELAY option set on local socket
2010.10.18 12:04:21 LOG7[4436:0]: FD 7 in non-blocking mode
2010.10.18 12:04:21 LOG7[4436:0]: FD 10 in non-blocking mode
2010.10.18 12:04:21 LOG7[4433:0]: Connection from 127.0.0.1:9626 permitted by libwrap
2010.10.18 12:04:21 LOG5[4433:0]: https connected from 127.0.0.1:9626
2010.10.18 12:04:21 LOG7[4437:0]: client start
2010.10.18 12:04:21 LOG7[4437:0]: https started
2010.10.18 12:04:21 LOG7[4437:0]: FD 9 in non-blocking mode
2010.10.18 12:04:21 LOG7[4437:0]: TCP_NODELAY option set on local socket
2010.10.18 12:04:21 LOG7[4437:0]: FD 7 in non-blocking mode
2010.10.18 12:04:21 LOG7[4437:0]: FD 10 in non-blocking mode
2010.10.18 12:04:21 LOG7[4434:0]: Connection from 127.0.0.1:9627 permitted by libwrap
2010.10.18 12:04:21 LOG5[4434:0]: https connected from 127.0.0.1:9627
2010.10.18 12:04:21 LOG7[4436:0]: Connection from 127.0.0.1:9628 permitted by libwrap
2010.10.18 12:04:21 LOG5[4436:0]: https connected from 127.0.0.1:9628
2010.10.18 12:04:21 LOG7[4437:0]: Connection from 127.0.0.1:9629 permitted by libwrap
2010.10.18 12:04:21 LOG5[4437:0]: https connected from 127.0.0.1:9629
2010.10.18 12:04:21 LOG7[4433:0]: FD 12 in non-blocking mode
2010.10.18 12:04:21 LOG7[4433:0]: https connecting
2010.10.18 12:04:21 LOG7[4433:0]: connect_wait: waiting 10 seconds
2010.10.18 12:04:21 LOG7[4437:0]: FD 12 in non-blocking mode
2010.10.18 12:04:21 LOG7[4437:0]: https connecting
2010.10.18 12:04:21 LOG7[4437:0]: connect_wait: waiting 10 seconds
2010.10.18 12:04:21 LOG7[4433:0]: connect_wait: connected
2010.10.18 12:04:21 LOG7[4433:0]: Remote FD=12 initialized
2010.10.18 12:04:21 LOG7[4433:0]: TCP_NODELAY option set on remote socket
2010.10.18 12:04:21 LOG7[4433:0]: start SSPI connect
2010.10.18 12:04:21 LOG7[4433:0]: open file /home/mil/cprocsp/stunnel/client-gost.crt with certificate
2010.10.18 12:04:21 LOG7[4437:0]: connect_wait: connected
2010.10.18 12:04:21 LOG7[4437:0]: Remote FD=12 initialized
2010.10.18 12:04:21 LOG7[4437:0]: TCP_NODELAY option set on remote socket
2010.10.18 12:04:21 LOG7[4437:0]: start SSPI connect
2010.10.18 12:04:21 LOG7[4437:0]: open file /home/mil/cprocsp/stunnel/client-gost.crt with certificate
2010.10.18 12:04:21 LOG7[4434:0]: FD 12 in non-blocking mode
2010.10.18 12:04:21 LOG7[4434:0]: https connecting
2010.10.18 12:04:21 LOG7[4434:0]: connect_wait: waiting 10 seconds
2010.10.18 12:04:21 LOG7[4436:0]: FD 12 in non-blocking mode
2010.10.18 12:04:21 LOG7[4436:0]: https connecting
2010.10.18 12:04:21 LOG7[4436:0]: connect_wait: waiting 10 seconds
2010.10.18 12:04:21 LOG7[4434:0]: connect_wait: connected
2010.10.18 12:04:21 LOG7[4434:0]: Remote FD=12 initialized
2010.10.18 12:04:21 LOG7[4434:0]: TCP_NODELAY option set on remote socket
2010.10.18 12:04:21 LOG7[4434:0]: start SSPI connect
2010.10.18 12:04:21 LOG7[4434:0]: open file /home/mil/cprocsp/stunnel/client-gost.crt with certificate
2010.10.18 12:04:21 LOG7[4436:0]: connect_wait: connected
2010.10.18 12:04:21 LOG7[4436:0]: Remote FD=12 initialized
2010.10.18 12:04:21 LOG7[4436:0]: TCP_NODELAY option set on remote socket
2010.10.18 12:04:21 LOG7[4436:0]: start SSPI connect
2010.10.18 12:04:21...
Вверх
WWW
Offline Татьяна  
#5 Оставлено : 18 октября 2010 г. 17:12:39(UTC)
Татьяна

Статус: Сотрудник

Группы: Участники
Зарегистрирован: 06.02.2008(UTC)
Сообщений: 1,491
Откуда: Крипто-Про

Поблагодарили: 40 раз в 37 постах
А просто по нашему сайту удается ходить, введя в браузере localhost:9443 ?

Проблемы с проверкой соединения на тестовой странице возникают из-за особенностей страницы tls-cli.asp .
Татьяна
ООО Крипто-Про
Вверх
Offline million  
#6 Оставлено : 19 октября 2010 г. 4:53:15(UTC)
million

Статус: Новичок

Группы: Участники
Зарегистрирован: 03.10.2010(UTC)
Сообщений: 4
Откуда: Tula
Да. По самому сайту можно ходить. А на тестовой странице - пишет страница не найдена.
А как тогда проверить какой сертификат был предоставлен серверу?
Вверх
WWW
Offline sky  
#7 Оставлено : 22 октября 2010 г. 19:04:09(UTC)
sky

Статус: Новичок

Группы: Участники
Зарегистрирован: 22.10.2010(UTC)
Сообщений: 1
Откуда: Novosibirsk
Здравствуйте, боремся с похожей проблемой, установили stunnel входящий в состав CryptoPro CSP 3.6 под Solaris 9
все сертификаты размещены по инструкции. пробуем режим работы для клиента.
вот лог
Код:
2010.10.20 17:08:33 LOG5[12698:0]: stunnel 4.18 on sparc-sun-solaris2.10
2010.10.20 17:08:33 LOG5[12698:0]: Threading:FORK Sockets:POLL,IPv4
2010.10.20 17:08:33 LOG6[12698:0]: file ulimit = 256 (can be changed with 'ulimit -n')
2010.10.20 17:08:33 LOG6[12698:0]: poll() used - no FD_SETSIZE limit for file descriptors
2010.10.20 17:08:33 LOG5[12698:0]: 0 clients allowed
2010.10.20 17:08:33 LOG7[12698:0]: FD 8 in non-blocking mode
2010.10.20 17:08:33 LOG7[12698:0]: FD 9 in non-blocking mode
2010.10.20 17:08:33 LOG7[12698:0]: FD 10 in non-blocking mode
2010.10.20 17:08:33 LOG7[12698:0]: SO_REUSEADDR option set on accept socket
2010.10.20 17:08:33 LOG7[12698:0]: https bound to 127.0.0.1:1500
2010.10.20 17:08:33 LOG7[12699:0]: Created pid file /var/opt/cprocsp/tmp/ias1022_stunnel.pid
2010.10.20 17:09:47 LOG7[12699:0]: https accepted FD=0 from 127.0.0.1:48690
2010.10.20 17:09:47 LOG7[12873:0]: client start
2010.10.20 17:09:47 LOG7[12873:0]: https started
2010.10.20 17:09:47 LOG7[12873:0]: FD 0 in non-blocking mode
2010.10.20 17:09:47 LOG7[12873:0]: TCP_NODELAY option set on local socket
2010.10.20 17:09:47 LOG5[12873:0]: https connected from 127.0.0.1:48690
2010.10.20 17:09:47 LOG7[12873:0]: FD 11 in non-blocking mode
2010.10.20 17:09:47 LOG7[12873:0]: https connecting 
2010.10.20 17:09:47 LOG7[12873:0]: connect_wait: waiting 10 seconds
2010.10.20 17:09:47 LOG7[12873:0]: connect_wait: connected
2010.10.20 17:09:47 LOG7[12873:0]: Remote FD=11 initialized
2010.10.20 17:09:47 LOG7[12873:0]: TCP_NODELAY option set on remote socket
2010.10.20 17:09:47 LOG7[12873:0]: start SSPI connect
2010.10.20 17:09:47 LOG7[12873:0]: open file /home2/ias1022/client-gost.crt with certificate
2010.10.20 17:09:48 LOG3[12873:0]: **** Error 0x80090304 returned by AcquireCredentialsHandle
2010.10.20 17:09:48 LOG3[12873:0]: Credentials compleet
2010.10.20 17:09:48 LOG3[12873:0]: Error creating credentials
2010.10.20 17:09:48 LOG5[12873:0]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2010.10.20 17:09:48 LOG7[12873:0]: free Buffers
2010.10.20 17:09:48 LOG7[12873:0]: delete c->hClientCreds
2010.10.20 17:09:48 LOG5[12873:0]: incomp_mess = 0, extra_data = 0
2010.10.20 17:09:48 LOG7[12873:0]: removing pid file /var/opt/cprocsp/tmp/ias1022_stunnel.pid
2010.10.20 17:09:48 LOG7[12699:0]: https accepted FD=0 from 127.0.0.1:48692
2010.10.20 17:09:48 LOG7[12874:0]: client start
2010.10.20 17:09:48 LOG7[12874:0]: https started
2010.10.20 17:09:48 LOG7[12874:0]: FD 0 in non-blocking mode
2010.10.20 17:09:48 LOG7[12699:0]: Cleaning up the signal pipe
2010.10.20 17:09:48 LOG7[12699:0]: Process 12873 finished with code 0 (1 left)
2010.10.20 17:09:48 LOG7[12874:0]: TCP_NODELAY option set on local socket
2010.10.20 17:09:48 LOG5[12874:0]: https connected from 127.0.0.1:48692
2010.10.20 17:09:48 LOG7[12874:0]: FD 11 in non-blocking mode
2010.10.20 17:09:48 LOG7[12874:0]: https connecting 
2010.10.20 17:09:48 LOG7[12874:0]: connect_wait: waiting 10 seconds
2010.10.20 17:09:48 LOG7[12874:0]: connect_wait: connected
2010.10.20 17:09:48 LOG7[12874:0]: Remote FD=11 initialized
2010.10.20 17:09:48 LOG7[12874:0]: TCP_NODELAY option set on remote socket
2010.10.20 17:09:48 LOG7[12874:0]: start SSPI connect
2010.10.20 17:09:48 LOG7[12874:0]: open file /home2/ias1022/client-gost.crt with certificate
2010.10.20 17:09:48 LOG3[12874:0]: **** Error 0x80090304 returned by AcquireCredentialsHandle
2010.10.20 17:09:48 LOG3[12874:0]: Credentials compleet
2010.10.20 17:09:48 LOG3[12874:0]: Error creating credentials
2010.10.20 17:09:48 LOG5[12874:0]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2010.10.20 17:09:48 LOG7[12874:0]: free Buffers
2010.10.20 17:09:48 LOG7[12874:0]: delete c->hClientCreds
2010.10.20 17:09:48 LOG5[12874:0]: incomp_mess = 0, extra_data = 0
2010.10.20 17:09:48 LOG7[12874:0]: removing pid file /var/opt/cprocsp/tmp/ias1022_stunnel.pid
2010.10.20 17:09:48 LOG7[12699:0]: Cleaning up the signal pipe
2010.10.20 17:09:48 LOG7[12699:0]: Process 12874 finished with code 0 (0 left)
2010.10.20 17:09:53 LOG7[12699:0]: https accepted FD=0 from 127.0.0.1:48696
2010.10.20 17:09:53 LOG7[12877:0]: client start
2010.10.20 17:09:53 LOG7[12877:0]: https started
2010.10.20 17:09:53 LOG7[12877:0]: FD 0 in non-blocking mode
2010.10.20 17:09:53 LOG7[12877:0]: TCP_NODELAY option set on local socket
2010.10.20 17:09:53 LOG5[12877:0]: https connected from 127.0.0.1:48696
2010.10.20 17:09:53 LOG7[12877:0]: FD 11 in non-blocking mode
2010.10.20 17:09:53 LOG7[12877:0]: https connecting 
2010.10.20 17:09:53 LOG7[12877:0]: connect_wait: waiting 10 seconds
2010.10.20 17:09:53 LOG7[12877:0]: connect_wait: connected
2010.10.20 17:09:53 LOG7[12877:0]: Remote FD=11 initialized
2010.10.20 17:09:53 LOG7[12877:0]: TCP_NODELAY option set on remote socket
2010.10.20 17:09:53 LOG7[12877:0]: start SSPI connect
2010.10.20 17:09:53 LOG7[12877:0]: open file /home2/ias1022/client-gost.crt with certificate
2010.10.20 17:09:54 LOG3[12877:0]: **** Error 0x80090304 returned by AcquireCredentialsHandle
2010.10.20 17:09:54 LOG3[12877:0]: Credentials compleet
2010.10.20 17:09:54 LOG3[12877:0]: Error creating credentials
2010.10.20 17:09:54 LOG5[12877:0]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2010.10.20 17:09:54 LOG7[12877:0]: free Buffers
2010.10.20 17:09:54 LOG7[12877:0]: delete c->hClientCreds
2010.10.20 17:09:54 LOG5[12877:0]: incomp_mess = 0, extra_data = 0
2010.10.20 17:09:54 LOG7[12877:0]: removing pid file /var/opt/cprocsp/tmp/ias1022_stunnel.pid
2010.10.20 17:09:54 LOG7[12699:0]: Cleaning up the signal pipe
2010.10.20 17:09:54 LOG7[12699:0]: Process 12877 finished with code 0 (0 left)
2010.10.20 17:09:58 LOG7[12699:0]: https accepted FD=0 from 127.0.0.1:48701
2010.10.20 17:09:58 LOG7[12880:0]: client start
2010.10.20 17:09:58 LOG7[12880:0]: https started
2010.10.20 17:09:58 LOG7[12880:0]: FD 0 in non-blocking mode
2010.10.20 17:09:58 LOG7[12880:0]: TCP_NODELAY option set on local socket
2010.10.20 17:09:58 LOG5[12880:0]: https connected from 127.0.0.1:48701
2010.10.20 17:09:59 LOG7[12880:0]: FD 11 in non-blocking mode
2010.10.20 17:09:59 LOG7[12880:0]: https connecting 
2010.10.20 17:09:59 LOG7[12880:0]: connect_wait: waiting 10 seconds
2010.10.20 17:09:59 LOG7[12880:0]: connect_wait: connected
2010.10.20 17:09:59 LOG7[12880:0]: Remote FD=11 initialized
2010.10.20 17:09:59 LOG7[12880:0]: TCP_NODELAY option set on remote socket
2010.10.20 17:09:59 LOG7[12880:0]: start SSPI connect
2010.10.20 17:09:59 LOG7[12880:0]: open file /home2/ias1022/client-gost.crt with certificate
2010.10.20 17:09:59 LOG3[12880:0]: **** Error 0x80090304 returned by AcquireCredentialsHandle
2010.10.20 17:09:59 LOG3[12880:0]: Credentials compleet
2010.10.20 17:09:59 LOG3[12880:0]: Error creating credentials
2010.10.20 17:09:59 LOG5[12880:0]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2010.10.20 17:09:59 LOG7[12880:0]: free Buffers
2010.10.20 17:09:59 LOG7[12880:0]: delete c->hClientCreds
2010.10.20 17:09:59 LOG5[12880:0]: incomp_mess = 0, extra_data = 0
2010.10.20 17:09:59 LOG7[12880:0]: removing pid file /var/opt/cprocsp/tmp/ias1022_stunnel.pid
2010.10.20 17:09:59 LOG7[12699:0]: Cleaning up the signal pipe
2010.10.20 17:09:59 LOG7[12699:0]: Process 12880 finished with code 0 (0 left)


Вверх
Offline cross  
#8 Оставлено : 12 ноября 2010 г. 21:06:34(UTC)
Анатолий Беляев

Статус: Сотрудник

Группы: Администраторы, Участники
Зарегистрирован: 24.11.2009(UTC)
Сообщений: 965
Откуда: Crypto-Pro

Сказал(а) «Спасибо»: 3 раз
Поблагодарили: 174 раз в 152 постах
million написал:
Да. По самому сайту можно ходить. А на тестовой странице - пишет страница не найдена.
А как тогда проверить какой сертификат был предоставлен серверу?

Какой в конфиге прописали такой и будет предоставлен.
Техническую поддержку оказываем тут.
Наша база знаний.
Наша страничка в Instagram.
Вверх
Offline adhzgez  
#9 Оставлено : 20 февраля 2012 г. 14:09:03(UTC)
adhzgez

Статус: Новичок

Группы: Участники
Зарегистрирован: 22.11.2011(UTC)
Сообщений: 2
Откуда: Сомалиленд
Татьяна, для работы stunnel обязательно нужен ваш "специальный" firefox или можно использовать любой браузер?

Отредактировано пользователем 20 февраля 2012 г. 14:11:58(UTC)  | Причина: Не указана
Вверх
WWW
Offline cross  
#10 Оставлено : 6 марта 2012 г. 15:22:39(UTC)
Анатолий Беляев

Статус: Сотрудник

Группы: Администраторы, Участники
Зарегистрирован: 24.11.2009(UTC)
Сообщений: 965
Откуда: Crypto-Pro

Сказал(а) «Спасибо»: 3 раз
Поблагодарили: 174 раз в 152 постах
Если Вы используете stunnel как сервер то к нему нужен браузер который поддерживает TLS с ГОСТ алгоритмами, как например, наша сборка FF. Если как клиент то к нему подойдет любой http клиент.
Техническую поддержку оказываем тут.
Наша база знаний.
Наша страничка в Instagram.
Вверх
RSS Лента  Atom Лента
Пользователи, просматривающие эту тему
Guest
Быстрый переход  
Вы не можете создавать новые темы в этом форуме.
Вы не можете отвечать в этом форуме.
Вы не можете удалять Ваши сообщения в этом форуме.
Вы не можете редактировать Ваши сообщения в этом форуме.
Вы не можете создавать опросы в этом форуме.
Вы не можете голосовать в этом форуме.

Privacy Policy | Форум YAF.NET | YAF.NET © 2003-2024, Yet Another Forum.NET