Страница 1 из 1

netcat & ssl

Добавлено: 2008-09-18 11:04:41
friend
есть потребность выстроить туннель.
есть удаленный сервер на нем pop3s 995 порт.
нужно на локальном получить порт 110 но чтоб уже он не был секурный.
подскажите как быть?

Re: netcat & ssl

Добавлено: 2008-11-10 21:03:49
Alex Keda
какой-то прокси хитрый надо....
удалёный по ssl сразу не может?

Re: netcat & ssl

Добавлено: 2008-11-10 21:36:55
paradox
кстати помоему ssltunel была утилита
и как бы если не в портах
то в самом openssl

Re: netcat & ssl

Добавлено: 2008-11-11 2:13:49
Гость

Код: Выделить всё

(~). gnutls-cli -p pop3s pop.gmail.com
Resolving 'pop.gmail.com'...
Connecting to '72.14.221.109:995'...
- Certificate type: X.509
 - Got a certificate list of 1 certificates.

 - Certificate[0] info:
 # The hostname in the certificate matches 'pop.gmail.com'.
 # valid since: Thu Oct 25 21:53:16 MSD 2007
 # expires at: Thu Dec 24 21:53:16 MSK 2009
 # fingerprint: 44:A8:E9:2C:FB:A9:7E:6D:F9:DB:F3:62:B2:9E:F1:A9
 # Subject's DN: C=US,ST=California,L=Mountain View,O=Google Inc.,CN=pop.gmail.com
 # Issuer's DN: C=US,O=Equifax,OU=Equifax Secure Certificate Authority


- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: ARCFOUR-128
- MAC: MD5
- Compression: NULL
- Handshake was completed

- Simple Client Mode:

+OK Gpop ready for requests from XX.XX.XX.XX 12pf2102248fgg.0
USER *****
+OK send PASS
PASS *****
-ERR [SYS/PERM] Your account is not enabled for POP access. Please visit your Gmail settings page and enable your account for POP access.
(~). echo 'pop3	stream	tcp	nowait	root	/usr/local/bin/gnutls-cli gnutls-cli -p 995 pop.gmail.com' >> /etc/inetd.conf
(~). /etc/rc.d/inetd onestart
Starting inetd.
(~). sockstat -4lp 110
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS      
root     inetd      22436 5  tcp4   *:110                 *:*
(~). nc 0 110
Resolving 'pop.gmail.com'...
Connecting to '72.14.221.111:995'...
- Certificate type: X.509
 - Got a certificate list of 1 certificates.

 - Certificate[0] info:
 # The hostname in the certificate matches 'pop.gmail.com'.
 # valid since: Thu Oct 25 21:53:16 MSD 2007
 # expires at: Thu Dec 24 21:53:16 MSK 2009
 # fingerprint: 44:A8:E9:2C:FB:A9:7E:6D:F9:DB:F3:62:B2:9E:F1:A9
 # Subject's DN: C=US,ST=California,L=Mountain View,O=Google Inc.,CN=pop.gmail.com
 # Issuer's DN: C=US,O=Equifax,OU=Equifax Secure Certificate Authority


- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: ARCFOUR-128
- MAC: MD5
- Compression: NULL
- Handshake was completed

- Simple Client Mode:

+OK Gpop ready for requests from XX.XX.XX.XX 4pf5355933fgg.3
USER *****
+OK send PASS
PASS *****
-ERR [SYS/PERM] Your account is not enabled for POP access. Please visit your Gmail settings page and enable your account for POP access.
Если не нравится gnutls, то можно использовать openssl s_client -port 995 -host pop.gmail.com

Оно?

ps, забавно nc -l pop3 работает, а nc 127.1 pop3 ругается на неправильный порт ;)

Re: netcat & ssl

Добавлено: 2008-11-19 19:39:35
paradox
вспомнил
есть утилита sslwrap

Код: Выделить всё

ports\security\sslwrap