我想通过stunnel代理到XMPP ejabberd / mongoose服务器。 Stunnel有证书,client = no等。这是config:
cert = /home/user/ssl/CA/certs/server.cert.pem
key = /home/user/ssl/CA/private/server.nopass.key.pem
;sslVersion = TLSv1
sslVersion = all
setuid = stunnel4
setgid = stunnel4
pid= /var/run/stunnel4/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
verify = 2
CApath = /home/user/ssl/CA/certs
CAfile = /home/user/ssl/CA/certs/ca.cert.pem
CRLpath = /home/user/ssl/CA/crl/
CRLfile = /home/user/ssl/CA/crl/crl.pem
debug = info
output = /var/log/stunnel4/stunnel.log
[mongooseim]
accept = 5226
connect = 5222
如果我这样连接:
openssl s_client -connect localhost:5226 -cert /home/user/ssl/CA/certs/username.cert.pem -key /home/user/ssl/CA/private/username.key.pem -verify 2
但如果我以这种方式连接,就像客户端一样(使用-starttls xmpp):
openssl s_client -connect localhost:5226 -cert /home/user/ssl/CA/certs/username.cert.pem -key /home/user/ssl/CA/private/username.key.pem -verify 2 -starttls xmpp
我在stunnel日志中收到错误:
SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
并且xmpp服务器日志安静,这意味着没有尝试连接到xmpp。
我应该如何使用-startssl xmpp正常处理客户请求?
谢谢。