Hi All, Based on the inputs from Mr.Avila, I was able to fix the issue.
Now I am able to connect to the device from the web browser using HTTPS. Thanks all of you... Regards, Siva On Tue, Jan 13, 2015 at 8:03 PM, Leandro Avila <[email protected]> wrote: > Hello, > > Looks like you got the hard part done (cross compiling etc) > > 1. You don't need to run stunnel on the client machine. You will use your > web browser and your browser will handle the TLS connection > 2. In your case you only need a stunnel instance running as a server on > the linux device. > Your stunnel.conf will look something like > > [https] > client = no > > accept = 443 > connect = 127.0.0.1:80 > > > The above configures stunel as a server, listening for connections on all > interfaces port 443 and connecting to > localhost port 80 > > > 3. I'm not sure what you mean by "the device and the machine can have any > random IP and port" > - You mean if both devices get a dhcp assigned ip? In that case the above > config should work, because it listens in all > available IPs > - The port portion there are defined ports for http (port 80) and https > (port 443) that should be it for the server > unless your application is different. On the client side you don't need to > worry about the port > > 4. Stunnel will provide the SSL/TLS encapsulation to your http connection. > So in that regard is a solution. > Other times people might opt for using a http server that supports SSL/TLS > natively, but you are working on embedded systems > so there are contraints there. > > This is an alternative for instance. > > http://acme.com/software/mini_httpd/ > > Hope this helps, feel free to ask more questions > > ----------------- > > Leandro Avila > > On Tuesday, January 13, 2015 6:57 AM, Siva Kumar < > [email protected]> wrote: > > > > > > > >Hi All, > > > > > >I am fairly new to stunnel and also to the networking concepts. > > > > > >Currently we are working on a surveillance device running on monta vista > linux on the ARM11 architecture. We have crossed compiled and deployed a > THTTPD server which is working fine. Once you connect to the device using > any of the web client (from a windows PC), it will take you to a web page > where you can select and stream live video's from all the camera's > connected to the device. So far everything is working fine now.. > > > > > >Now the real problem is that we need to support https as well along with > http. Since THTTPD web server doesn't support secure connection we thought > we would accomplish that using the stunnel application. We were able to > download and cross compile the stunnel application for the device. > > > > > >Now the doubts I have here is:- > > > > > >1) Do we need a stunnel server application running on the windows PC from > where we will be using the web browser to connect to the client? > > > > > >2) Where should be the stunnel server and stunnel client be running. I > mean should the linux device be running the stunnel client and the windows > PC be running the stunnel server? In that case what should be the correct > accept and connect parameters in the stunnel.conf file in both the device > and the windows PC? > > > > > >3) Since the device and the machine can have any random IP and port, so > is it feasible to dynamically set the accept and connect parameters in the > stunnel.conf file? > > > > > >4) Can the stunnel be considered as a solution to the problem which I > have reported here. The point 3 above makes me thing otherwise. > > > > > >I have tried all combinations mentioned in the point 1 and 2 without > success. In none of the case my web browser was able to talk to the device > using HTTPS (ie https://my_device_ip). I could see a "client hello" > request from the browser to which the client sends an ACK and RST. In some > combination an HTTPS request from the browser only triggered a TCP > connection request for which the client responded with ACK and RST. > > > > > >Sorry for the long mail. Any inputs would be deeply appreciated. > > > > > > > >Regards, > >Siva > >_______________________________________________ > >stunnel-users mailing list > >[email protected] > >https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users > > > > > > >
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
