Mail Archives: cygwin/2023/05/08/11:32:26

Brian Inglis via Cygwin <cygwin AT cygwin DOT com> · Mon, 8 May 2023 09:31:16 -0600

On 2023-05-08 01:31, Yuri via Cygwin wrote:
> I've built the proxytunnel project in Cygwin 
> (https://github.com/proxytunnel/proxytunnel).
> It is usually used to tunnel ssh through https using the https CONNECT command.
> The command "proxytunnel --no-check-certificate -E -p 
> {https-proxy-host}:{https-proxy-port} -d 127.0.0.1:22" works on Linux and BSD.
> However, it fails in Cygwin with the exit code 1 (SSL_TLSEXT_ERR_ALERT_WARNING), 
> which causes this error message in proxytunnel:
>  > SSL_set_tlsext_host_name returned: 1 (0x1). TLS SNI error, giving up
> This prevents proxytunnel from being able to connect to the remote peer.
> What might be wrong?

Which Cygwin, ssl/tls-devel libraries, and ca-certificates... packages and 
versions are you using?

	$ man SSL_set_tlsext_host_name

says SSL_set_tlsext_host_name etc. returns 1 for success, 0 for failure?

Web search TLS SNI and you will find that either the host presents a list of 
certs none of which match the host name you are connecting to, a matching cert 
cannot be validated, possibly due to a missing CA chain, or one end could not 
handle the list presented or cert matched; some hits offer diagnostic suggestions.

-- 
Take care. Thanks, Brian Inglis              Calgary, Alberta, Canada

La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien Ă  ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien Ă  retirer     but when there is no more to cut
                                 -- Antoine de Saint-ExupĂŠry

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

X-Recipient:	archive-cygwin AT delorie DOT com
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org 454DC385770D
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1683559894;
	bh=RdQMKdTY/wqEAVv0CzIKtE4DgK7flpDThqALYdR9lfA=;
	h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe:
	List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:
	From;
	b=KjHI7HgQVigSomsPyvP7eGOKCVujggup8fXBia72dmq1827EXFskJq3xOx+IzI66l
	Ui8FHf6cORcBjWPlUYxCQP29Hluk7iItRlLbZNxkcX+y+h6RcLxFunnU/pppbgbfiN
	Vyn7++Sp6V+QvAX0m8b5R+ue799NpepVsJEPK06k=
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.4.2 sourceware.org AB19A3858D32
X-Authority-Analysis:	v=2.4 cv=e5oV9Il/ c=1 sm=1 tr=0 ts=645915c5
	a=DxHlV3/gbUaP7LOF0QAmaA==:117 a=DxHlV3/gbUaP7LOF0QAmaA==:17
	a=IkcTkHD0fZMA:10 a=NEAV23lmAAAA:8 a=7392p9bmP1SmsWvOWsUA:9 a=QEXdDO2ut3YA:10
Message-ID:	<70c086a9-4c9f-7cb3-f53a-86c4f9c2d056@Shaw.ca>
Date:	Mon, 8 May 2023 09:31:16 -0600
MIME-Version:	1.0
User-Agent:	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
	Thunderbird/102.10.1
Subject:	Re: OpenSSL failure in Cygwin: SSL_set_tlsext_host_name returns 1
	(SSL_TLSEXT_ERR_ALERT_WARNING)
To:	cygwin AT cygwin DOT com
References:	<b31136f2-3401-34a8-ba89-7528c906bcd3 AT tsoft DOT com>
Organization:	Inglis
In-Reply-To:	<b31136f2-3401-34a8-ba89-7528c906bcd3@tsoft.com>
X-CMAE-Envelope:	MS4xfG4OG7VDjPorRvnLjcQO+8tx0ehDijH3r68RjgxFjWaGElaE/I20Vi+zXSTRypohkECGYAVTsD03erZ45z27eEtVeJznB5OP0p8ODiGR8UIS35LOmntX
	DzkhfYTpGWvckgldGbQzGCg/19ER+VrxKI3G6ekt63ZDfpmiMxy1fdc/XkJmveDUNX+/7rJYDv909JgQUCqNtjyNrU+Y3RKuE2o=
X-Spam-Status:	No, score=-4.0 required=5.0 tests=BAYES_00, DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, NICE_REPLY_A, RCVD_IN_DNSWL_LOW,
	RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_PASS, TXREP,
	T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version:	SpamAssassin 3.4.6 (2021-04-09) on
	server2.sourceware.org
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.29
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe:	<https://cygwin.com/mailman/options/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From:	Brian Inglis via Cygwin <cygwin AT cygwin DOT com>
Reply-To:	cygwin AT cygwin DOT com
Cc:	Brian Inglis <Brian DOT Inglis AT Shaw DOT ca>, Yuri <yuri AT rawbw DOT com>
Errors-To:	cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com
Sender:	"Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>
X-MIME-Autoconverted:	from base64 to 8bit by delorie.com id 348FVxeZ001958

webmaster	delorie software privacy
Copyright Š 2019 by DJ Delorie	Updated Jul 2019