X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 454DC385770D
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1683559894;
	bh=RdQMKdTY/wqEAVv0CzIKtE4DgK7flpDThqALYdR9lfA=;
	h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:
	 From;
	b=KjHI7HgQVigSomsPyvP7eGOKCVujggup8fXBia72dmq1827EXFskJq3xOx+IzI66l
	 Ui8FHf6cORcBjWPlUYxCQP29Hluk7iItRlLbZNxkcX+y+h6RcLxFunnU/pppbgbfiN
	 Vyn7++Sp6V+QvAX0m8b5R+ue799NpepVsJEPK06k=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org AB19A3858D32
X-Authority-Analysis: v=2.4 cv=e5oV9Il/ c=1 sm=1 tr=0 ts=645915c5
 a=DxHlV3/gbUaP7LOF0QAmaA==:117 a=DxHlV3/gbUaP7LOF0QAmaA==:17
 a=IkcTkHD0fZMA:10 a=NEAV23lmAAAA:8 a=7392p9bmP1SmsWvOWsUA:9 a=QEXdDO2ut3YA:10
Message-ID: <70c086a9-4c9f-7cb3-f53a-86c4f9c2d056@Shaw.ca>
Date: Mon, 8 May 2023 09:31:16 -0600
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.10.1
Subject: Re: OpenSSL failure in Cygwin: SSL_set_tlsext_host_name returns 1
 (SSL_TLSEXT_ERR_ALERT_WARNING)
Content-Language: en-CA
To: cygwin AT cygwin DOT com
References: <b31136f2-3401-34a8-ba89-7528c906bcd3 AT tsoft DOT com>
Organization: Inglis
In-Reply-To: <b31136f2-3401-34a8-ba89-7528c906bcd3@tsoft.com>
X-CMAE-Envelope: MS4xfG4OG7VDjPorRvnLjcQO+8tx0ehDijH3r68RjgxFjWaGElaE/I20Vi+zXSTRypohkECGYAVTsD03erZ45z27eEtVeJznB5OP0p8ODiGR8UIS35LOmntX
 DzkhfYTpGWvckgldGbQzGCg/19ER+VrxKI3G6ekt63ZDfpmiMxy1fdc/XkJmveDUNX+/7rJYDv909JgQUCqNtjyNrU+Y3RKuE2o=
X-Spam-Status: No, score=-4.0 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, NICE_REPLY_A, RCVD_IN_DNSWL_LOW,
 RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_PASS, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: Brian Inglis via Cygwin <cygwin AT cygwin DOT com>
Reply-To: cygwin AT cygwin DOT com
Cc: Brian Inglis <Brian DOT Inglis AT Shaw DOT ca>, Yuri <yuri AT rawbw DOT com>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Errors-To: cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 348FVxeZ001958

On 2023-05-08 01:31, Yuri via Cygwin wrote:
> I've built the proxytunnel project in Cygwin 
> (https://github.com/proxytunnel/proxytunnel).
> It is usually used to tunnel ssh through https using the https CONNECT command.
> The command "proxytunnel --no-check-certificate -E -p 
> {https-proxy-host}:{https-proxy-port} -d 127.0.0.1:22" works on Linux and BSD.
> However, it fails in Cygwin with the exit code 1 (SSL_TLSEXT_ERR_ALERT_WARNING), 
> which causes this error message in proxytunnel:
>  > SSL_set_tlsext_host_name returned: 1 (0x1). TLS SNI error, giving up
> This prevents proxytunnel from being able to connect to the remote peer.
> What might be wrong?

Which Cygwin, ssl/tls-devel libraries, and ca-certificates... packages and 
versions are you using?

	$ man SSL_set_tlsext_host_name

says SSL_set_tlsext_host_name etc. returns 1 for success, 0 for failure?

Web search TLS SNI and you will find that either the host presents a list of 
certs none of which match the host name you are connecting to, a matching cert 
cannot be validated, possibly due to a missing CA chain, or one end could not 
handle the list presented or cert matched; some hits offer diagnostic suggestions.

-- 
Take care. Thanks, Brian Inglis              Calgary, Alberta, Canada

La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer     but when there is no more to cut
                                 -- Antoine de Saint-Exupéry

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple