Hi ,
--
we are trying to add tls support to socks proxy with Curl as part of that we are trying to complete initial TLS handshake.
we are trying to run openssl s_server on loopback interface to verify changes
we tried two methods both are resulting in fatal error alert from server.
Method 1 - use existing api's used for http proxy but remove any conditions specific for HTTPS proxy.(wireshark: lo_sslversion.pcap)
- SSL upgrade of existing socket using curl API’s curl_ssl_connect_nonblocking and curl_ssl_init_proxy for TLS handshake
- Fatal alert: protocol version
Method 2- use new SSL context init and add certificates/key manually, do simple ssl_connect on sockfd (wireshark: inverse_server_client_l0.pcap)
- SSL_set_fd(ssl, sockfd) and SSL_connect(ssl) are used.
- Fatal alert illegal parameter.
Commands used:
server: openssl s_server --accept 1080 -cert certificate1.pem -key key1.pem
client: curl -v -g -k --proxy socks5://127.0.0.1:1080 https://www.google.com
could you please help understand this error?
thanks,
Anand.S
Attachment:
lo_sslversion.pcap
Description: Binary data
Attachment:
inverse_server_client_l0.pcap
Description: Binary data
