Error Connecting Ssl Tunnel Could Not Open Socket To
Contents |
Sign in Pricing Blog Support Search GitHub This repository Watch 537 Star 8,306 Fork 2,302 composer/composer Code Issues 170 Pull requests 23 Projects 0 Pulse Graphs New issue OpenSSL Error: Cannot connect stunnel to HTTPS server through proxy #2021 Closed boldtrn opened this Issue Jun 20,
Proxy Tunneling Failed: Forbiddenunable To Establish Ssl Connection.
2013 · 10 comments Projects None yet Labels None yet Milestone No milestone Assignees No one assigned
Openssl S_client
6 participants boldtrn commented Jun 20, 2013 Hi, I am behind a company firewall and composer stopped working some time ago (around 4-5 weeks). So I tried composer diag and this shows the following
Openssl Windows
output: Checking platform settings: OK Checking http connectivity: OK Checking HTTP proxy: OK Checking HTTP proxy support for request_fulluri: OK Checking HTTPS proxy support for request_fulluri: FAIL Unable to assert the situation, maybe github is down (The "https://api.github.com/repos/Seldaek/jsonlint/zipball/1.0.0" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages: error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112) failed to open stream: Cannot connect to HTTPS server through proxy) Checking composer.json: FAIL curl No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license. Checking disk free space: OK Checking composer version: OK I tried to set: HTTPS_PROXY_REQUEST_FULLURI to true or false, but this doesn't changed anything for me. So right now I don't have any clue how to go on. Anybody got an idea? Unfortunately I cant run composer update anymore, what ends in something like this: Loading composer repositories with package information Updating dependencies (including require-dev) - Installing symfony/icu (v1.2.0) Loading from cache - Installing doctrine/dbal (2.3.4) Downloading: 100% Downloading: 100% Downloading: 100% [Composer\Downloader\TransportException] The "https://api.github.com/repos/doctrine/dbal/zipball/2.3.4" file could n ot be downloaded: SSL operation failed with code 1. OpenSSL Error messages: error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112) failed to open stream: Cannot connect to HTTPS server through proxy stof commented Jun 20, 2013 does your proxy block SSL trafic ? boldtrn commented Jun 21, 2013 Thank you for your reply @stof . The Proxy supports SSL, e.g. if I enter https://api.github.com/repos/doctrine/dbal/zipball/2.3.4 in the Browser. It will start to download the zip. Also I should add: I am working on a Windows XP machine using cygwin(Using the regular Windows CMD doesn't change anything). I just tried to download the https://api.gi
or SSLeay. In that case you should download and compile one of them. OpenSSL can be found at www.openssl.org. The other possibility is that you installed your SSL library in a non-standard place. Use the --with-ssl directive when running configure to tell it where this directory is. Configure is not finding my TCP Wrapper installation You probably have it in a non-standard place, i.e. somewhere that gcc cannot find it on its own. Lets say you had your tcp wrappers installed in /opt/tcpd_7.6. To help gcc find your include files and libraries, you should set three environment variables as follows: CFLAGS="$CFLAGS -I/opt/tcpd_7.6/include" CPPFLAGS="$CPPFLAGS -I/opt/tcpd_7.6/include" LDFLAGS="$LDFLAGS -L/opt/tcpd_7.6/lib" export CFLAGS CPPFLAGS LDFLAGS And then re-run configure. This is https://github.com/composer/composer/issues/2021 the generic way to have configure find specific libraries, and is not specific to stunnel itself. What to do when stunnel fails Firstly, the most important things to try when you are having trouble running stunnel is to: run with full debug mode debug = 7 if running the daemon, run it in the foreground foreground = yes Doing this gives you the best chance of catching the errors in the log on the screen. https://www.stunnel.org/faq.html I do not have the openssl binary / Cannot make stunnel.pem! If you do not have the openssl program (for example you are using the pre-compiled version of stunnel on a Windows machine) then you need to generate an stunnel.pem file in some other manner. You can find a spare Unix workstation that does have OpenSSL installed, for example. When I run stunnel, it just sits there, it does not listen for requests! You are probably missing the [service] definition in your config. For example: pid = /stunnel.pid setuid = nobody setgid = nobody debug = local6.err foreground = no client = yes [mysyslog] accept = localhost:syslog connect = logging:syslogs Without that [mysyslog] line, stunnel assumes you want to operate in inetd-style mode. I get the error "Wrong permissions on stunnel.pem" I get the error stunnel[PID]: Wrong permissions on /path/to/stunnel.pem on my stunnel server or on stunnel client using client-side certificates. The stunnel.pem file contains your key (private data) and certificate (public data). In order for stunnel to start automatically without requiring a password, the key is created without a password. This means that anyone who can read this file can compromise your SSL security. This file must be readable only by root, or the user who runs stunnel. Use the chmod command to fix permissions on this file, ala
Start here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more about hiring http://serverfault.com/questions/614094/mysql-access-denied-error-when-connecting-via-ssh-tunnel developers or posting ads with us Server Fault Questions Tags Users Badges Unanswered Ask Question _ Server Fault is a question and answer site for system and network administrators. Join them; it only takes a minute: Sign up Here's how it http://help.globalscape.com/help/cuteftp8/Socket_errors_10060_10061_10064_10065.htm works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top MySQL access denied error when connecting via SSH tunnel up vote 6 down vote favorite For months I've been connecting error connecting to the MySQL instance running on our local test server through an SSH tunnel without any issues. All of sudden though, with no changes I can think of, the server has started rejecting the log in attempt from Sequel Pro with the error: Unable to connect to host 127.0.0.1 because access was denied. Double-check your username and password and ensure that access from your current location is permitted. MySQL said: Access denied for user 'root'@'localhost' (using password: YES) I'm able error connecting ssl to log in from the terminal when connected directly to the server through SSH, just not through an SSH tunnel. The problem isn't specific to Sequel Pro or just myself either, I get the same error when connecting through MySQL Workbench as do others in the office. I've reset the password with mysqladmin just for sanity's sake, that's definitely not the issue. When I started looking into it more I noticed that the error was reporting the server as "localhost", instead of "127.0.0.1" which I entered in Sequel Pro. A friend suggested that's probably just bad error handling, but it seems strange given the significant difference between localhost and 127.0.0.1 in MySQL. In an attempt to get around the tunnelling issue, I granted access to root@%, so that I can connect directly. This works for the most part, I can view table data, create new databases, etc. The only problem is when I come to create users I get the error: Access denied for user 'root'@'%' (using password: YES) Oddly the user is actually created, I think it's just an issue with grant. Again though, from the terminal I can do anything when logged in as root. Can anybody help shed some light on why tunnel connections and (probably) grant commands are receiving the access denied error? For reference MySQ is version 5.6.16 with mostly the default settings, installed via Homebrew on a MAC OS X Server machine. Update Her
the presence of firewall or anti-virus software on the local computer or network connection. Either can block the ports needed to make a successful FTP connection to the remote server. For a regular FTP session, either disable the firewall or anti-virus software or configure them to allow CuteFTP to establish an FTP session over ports 20 and 21. Consult the documentation or help file for your specific firewall or antivirus software product for instructions. Usually the manufacturer of the device or software will also have specific instructions available on their Web site. If you continue to receive the same error after insuring ports 20 and 21 are open, contact the administrator of the site you are trying to connect to. For more error code information, refer to Knowledge Base article 10140 at http://kb.globalscape.com. WSAETIMEDOUT (10060) 10060 is a connection-timeout error that usually appears when the client does not receive a response from the server for a specific command. This error often occurs when you try to connect in PASV mode to a server that prefers PORT for data connections. If you see an error log similar to the one below, in the Site Properties of the problem site, click the Type tab, then change the Data Connection Type to Use PORT. COMMAND:> PASV 227 Entering Passive Mode (xxx,xx,xxx,xx,x,xxx). COMMAND:> LIST STATUS:> Connecting ftp data socket xxx.xx.xxx.xx:xxxx... ERROR:> Can't connect to remote server. Socket error = #10060. ERROR:> Failed to establish data socket. If you still receive a 10060 error, the server may be trying to send a listing for a very large directory (with many thousands of files) causing the client to time-out while waiting. Try increasing the time-out value in the Global Options dialog box (Tools > Global Options > T