Soner Tari
Soner Tari
As I am sure you have realized, you are trying to use the same port in two different proxyspecs, twice: 8443 and 8080. Hence, you get an "Address already in...
Thanks @Chaskel for detailed explanations. You are right about the usage help, there is an example with loopback addresses for both IPv4 and IPv6, which by the way works without...
I guess you have already figured it out that we use the ethernet address to forward emulated packets to the given target IPv4 address (-T) on the given interface (-I)....
Hm, I see the issue, but how do we selectively request client certificates from certain clients only? I guess such an option would be all (for all clients) or nothing.
Is your IoT client going to establish the ssl connection if the original server does not ask for a client certificate? I thought you meant that it never does without...
Since you're willing to develop this feature yourself, can you add the following line to the end of the function `pxy_srcsslctx_create()` in `pxyconn.c` right before it returns before the line...
Can you add the following line after SSL_CTX_set_verify() call? ``` SSL_CTX_set_default_verify_paths(sslctx); ``` Also can you remove the `SSL_VERIFY_FAIL_IF_NO_PEER_CERT` flag from the second param of SSL_CTX_set_verify()? You may need to play...
Curl gives an `unknown ca` alert, which means that you did not add the sslsplit CA to the curl trust store. (Are you sure your original problem was related with...
So, my current theory is that client cert procedure is actually running, but it is failing because sslsplit rejects the curl's client cert, because the sslsplit's default cert path does...
The `unknown ca` alert clearly says that openssl does not like the CA, but if you think that you have done everything right, then I am out of ideas. Perhaps...