Article delegate-en/982 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]

Newsgroups: mail-lists.delegate-en

[DeleGate-En] Using DeleGate on NT for SSL telnet access
19 Jan 2001 18:04:05 GMT Peter Steele <p2ybqbdyi-5bnwhwfecmlr.ml@ml.delegate.org>


I want to use DeleGate 7.0.0 on an NT server to provide secure telnet access
to the box. I am running delegate using

dg -v -P992 -cert server-cert.pem FCL=sslway
SERVER=telnet://<host-ip-address>:23 ADMIN=localhost DGROOT=c:\winnt

I created the certificate using

openssl.exe req -new -x509 -days 365 -nodes -config certgen.cnf -out
server -cert.pem -keyout server-key.pem

For the Common Name field, I entered the same IP address that I specified in
the delegate command line above.

When I try to connect to this server from a remote client using an SSL
enabled telnet client, delegate reports the following:

01/20 09:21:20.50 [369] 0+0: --INITIALIZATION DONE--
(WIN) 21:47 [369] spawn() = 280, children(alive=1,total=1)
01/20 09:21:54.06 [372] 1+0: CODECONV[1](global,tocl,EUC.JP) => EUC.JP
01/20 09:21:54.06 [372] 1+0: REMITTABLE bound by SERVER: telnet/23
01/20 09:21:54.06 [372] 1+0: REMITTABLE = telnet/23
01/20 09:21:54.07 [372] 1+0: (0) accepted [16]
-@[<client-ip]<client-hostname>:1098 (6.109s)(1)
01/20 09:21:54.10 [152] 1+0: CODECONV[1](global,tocl,EUC.JP) => EUC.JP
01/20 09:21:54.11 [152] 1+0: REMITTABLE bound by SERVER: telnet/23
01/20 09:21:54.11 [152] 1+0: REMITTABLE = telnet/23
01/20 09:21:54.12 [152] 1+0: [FCL] callFilter2: 23=1 24=1 sslway
01/20 09:21:54.12 [152] 1+0: #### execFilter[FCL] sslway
01/20 09:21:54.12 [152] 1+0: #### [sslway](1) sslway
(WIN) 21:54 [372] spawn() = 344, children(alive=1,total=1)
01/20 09:21:54.13 [372] 1+0:
PATH:telnet://<server-ip>:23!<server-hostname>:992!<client-hostname>:1098!an
onymous@<client-hostname>;979982514
01/20 09:21:54.14 [372] 1+0: ## hostIFto <client-ip>< 0.0.0.0 (ffff0000)
01/20 09:21:54.14 [372] 1+0: E-P: No permission: <client-hostname>:1098
=>telnet://<server-ip>
01/20 09:21:54.14 [372] 1+0: bind_insock(22,192.168.0.116,0) = 0
(WIN) 21:54 [152] spawn() = 244, children(alive=1,total=1)
## SSLway[323](<client-hostname>) accept failed
(WIN) 21:54 [152] wait(0) = ...
344:error:140760F8:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
protocol:.\ssl\s23_srvr.c:487:
(WIN) 21:54 [152] wait3() = 244, status=-1, children(alive=0,total=1)
(WIN) 21:54 [152] wait(0) = 244
01/20 09:21:55.58 [372] 1+0: ## connect[22] refused (10061)
01/20 09:21:55.58 [372] 1+0: ### IDENT CONNECT(<client-hostname>:113)
TIMEOUT(10000ms) (9)
01/20 09:21:55.58 [372] 1+0: ####LS cannot open
c:\winnt/act/delay/17/<client-ip>:(<client-hostname>)
01/20 09:21:55.58 [372] 1+0: E-C: Can't connect: <client-hostname>:1098
=>telnet://<server-ip> (?)
01/20 09:21:55.59 [372] 1+0: disconnected [16]
-@[<client-ip>]<client-hostname>:1098 (7.631s)(0)
(WIN) 21:55 [372] wait3() = 344, status=0, children(alive=0,total=1)
01/20 09:21:55.59 [372] 1+0: CFI process [344] done (1/1 AFT-0)
(WIN) 22:02 [369] wait3() = 280, status=0, children(alive=0,total=1)

I believe the key line is all of this is:

01/20 09:21:54.14 [372] 1+0: E-P: No permission: <client-hostname>:1098
=>telnet://<server-ip>

This probably implies I have something wrong with my certificate. I've
various changes in both my certificate generation as well as in the command
line parameters used to launch delegate but the error is always the same.

Can anyone explain what I'm doing wrong?



  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V