Compatibility with juniper ssl vpn ?

On 28/12/2010 16:56, David Woodhouse wrote:
> On Tue, 2010-12-28 at 11:06 +0100, Guillaume Rousse wrote:
>>
>> I'd gladly try to set up an SSL proxy, but I'd need additional
>> information for this. I quickly checked the openssl man page, it doesn't
>> seem to be possible with it. However, googling points me to
>> http://crypto.stanford.edu/ssl-mitm/. Is that the way to go?
> 
> Something like that, perhaps. Or just use 'openssl s_server' and point
> your client at it, then manually cut and paste its requests into
> 'openssl s_client' pointed at the real server.
I just tried this, but I didn't manage to make the client successfully
negotiate an SSL session with my proxy.

Here is my proxy server command line:
openssl s_server \
  -key /etc/pki/tls/private/localhost.key \
  -cert /etc/pki/tls/certs/localhost.crt \
  -debug \
  -accept 443

Here is my client command line:
~/.juniper_networks/network_connect/ncsvc \
  -h beria.zarb.home \
  -u rousse \
  -r smi \
  -f /etc/pki/tls/certs/localhost.crt

I'm attaching the proxy output. The certificate/key pair used here has
nothing to do with the actual juniper vpn, but the hostname in the CN
matches the one used in the client command line. I may eventually get a
copy of the original certificate if needed, but I'm not sure this is
the actual problem.

Sorry if I'm missing something obvious here, it's a bit beyond my own
technical skills.



-- 
BOFH excuse #59:

failed trials, system needs redesigned


