Страница 1 из 1
netcat & ssl
Добавлено: 2008-09-18 11:04:41
friend
есть потребность выстроить туннель.
есть удаленный сервер на нем pop3s 995 порт.
нужно на локальном получить порт 110 но чтоб уже он не был секурный.
подскажите как быть?
Re: netcat & ssl
Добавлено: 2008-11-10 21:03:49
Alex Keda
какой-то прокси хитрый надо....
удалёный по ssl сразу не может?
Re: netcat & ssl
Добавлено: 2008-11-10 21:36:55
paradox
кстати помоему ssltunel была утилита
и как бы если не в портах
то в самом openssl
Re: netcat & ssl
Добавлено: 2008-11-11 2:13:49
Гость
Код: Выделить всё
(~). gnutls-cli -p pop3s pop.gmail.com
Resolving 'pop.gmail.com'...
Connecting to '72.14.221.109:995'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
# The hostname in the certificate matches 'pop.gmail.com'.
# valid since: Thu Oct 25 21:53:16 MSD 2007
# expires at: Thu Dec 24 21:53:16 MSK 2009
# fingerprint: 44:A8:E9:2C:FB:A9:7E:6D:F9:DB:F3:62:B2:9E:F1:A9
# Subject's DN: C=US,ST=California,L=Mountain View,O=Google Inc.,CN=pop.gmail.com
# Issuer's DN: C=US,O=Equifax,OU=Equifax Secure Certificate Authority
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: ARCFOUR-128
- MAC: MD5
- Compression: NULL
- Handshake was completed
- Simple Client Mode:
+OK Gpop ready for requests from XX.XX.XX.XX 12pf2102248fgg.0
USER *****
+OK send PASS
PASS *****
-ERR [SYS/PERM] Your account is not enabled for POP access. Please visit your Gmail settings page and enable your account for POP access.
(~). echo 'pop3 stream tcp nowait root /usr/local/bin/gnutls-cli gnutls-cli -p 995 pop.gmail.com' >> /etc/inetd.conf
(~). /etc/rc.d/inetd onestart
Starting inetd.
(~). sockstat -4lp 110
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root inetd 22436 5 tcp4 *:110 *:*
(~). nc 0 110
Resolving 'pop.gmail.com'...
Connecting to '72.14.221.111:995'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
# The hostname in the certificate matches 'pop.gmail.com'.
# valid since: Thu Oct 25 21:53:16 MSD 2007
# expires at: Thu Dec 24 21:53:16 MSK 2009
# fingerprint: 44:A8:E9:2C:FB:A9:7E:6D:F9:DB:F3:62:B2:9E:F1:A9
# Subject's DN: C=US,ST=California,L=Mountain View,O=Google Inc.,CN=pop.gmail.com
# Issuer's DN: C=US,O=Equifax,OU=Equifax Secure Certificate Authority
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: ARCFOUR-128
- MAC: MD5
- Compression: NULL
- Handshake was completed
- Simple Client Mode:
+OK Gpop ready for requests from XX.XX.XX.XX 4pf5355933fgg.3
USER *****
+OK send PASS
PASS *****
-ERR [SYS/PERM] Your account is not enabled for POP access. Please visit your Gmail settings page and enable your account for POP access.
Если не нравится gnutls, то можно использовать openssl s_client -port 995 -host pop.gmail.com
Оно?
ps, забавно nc -l pop3 работает, а nc 127.1 pop3 ругается на неправильный порт

Re: netcat & ssl
Добавлено: 2008-11-19 19:39:35
paradox
вспомнил
есть утилита sslwrap