From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from omta002.cacentral1.a.cloudfilter.net (omta002.cacentral1.a.cloudfilter.net [3.97.99.33]) by sourceware.org (Postfix) with ESMTPS id AB19A3858D32 for ; Mon, 8 May 2023 15:31:17 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org AB19A3858D32 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=Shaw.ca Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=shaw.ca Received: from shw-obgw-4002a.ext.cloudfilter.net ([10.228.9.250]) by cmsmtp with ESMTP id vvDapoVBK6Nwhw2pZp0NM3; Mon, 08 May 2023 15:31:17 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=shaw.ca; s=s20180605; t=1683559877; bh=qCjaMjyVVLDGsazhUOJuknh/TeAO4fcxlKON64gQ0vo=; h=Date:Reply-To:Subject:To:References:From:Cc:In-Reply-To; b=qr1KLihuramhXub8v2oW0fLMsVKLkH/wZwTQO61c3yM/25j8S3dTjhjgQ5rJ1DUDc AzUyuvRxVgl2Q9rr3IxzyA6xL31CiYjCBgGwtS/2X0LdnLn5/72c8hXbfVDa91DHTC h3QNsrSepphCbanQ7nt3Ydqzu9lf2ya4FErgepXXX861L524sQ/91cHJcuoEEVahlR a3/86y8Yi5fV9+J+l5KiZUKVV9aUWu6jCyHKDIjJhjaAprg2vMrMSjKWUaAxq4xDXy +dRRu9d3uC3h4jyQllBrBKcYaH65vh+COywkgQyNEjh2Moch2pjXvWehLa/vuymdTM 51E3vr5V6ElNg== Received: from [10.0.0.5] ([184.64.102.149]) by cmsmtp with ESMTP id w2pYpEX0HyAOew2pYpWo2N; Mon, 08 May 2023 15:31:17 +0000 X-Authority-Analysis: v=2.4 cv=e5oV9Il/ c=1 sm=1 tr=0 ts=645915c5 a=DxHlV3/gbUaP7LOF0QAmaA==:117 a=DxHlV3/gbUaP7LOF0QAmaA==:17 a=IkcTkHD0fZMA:10 a=NEAV23lmAAAA:8 a=7392p9bmP1SmsWvOWsUA:9 a=QEXdDO2ut3YA:10 Message-ID: <70c086a9-4c9f-7cb3-f53a-86c4f9c2d056@Shaw.ca> Date: Mon, 8 May 2023 09:31:16 -0600 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.10.1 Reply-To: cygwin@cygwin.com Subject: Re: OpenSSL failure in Cygwin: SSL_set_tlsext_host_name returns 1 (SSL_TLSEXT_ERR_ALERT_WARNING) Content-Language: en-CA To: cygwin@cygwin.com References: From: Brian Inglis Organization: Inglis Cc: Yuri In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-CMAE-Envelope: MS4xfG4OG7VDjPorRvnLjcQO+8tx0ehDijH3r68RjgxFjWaGElaE/I20Vi+zXSTRypohkECGYAVTsD03erZ45z27eEtVeJznB5OP0p8ODiGR8UIS35LOmntX DzkhfYTpGWvckgldGbQzGCg/19ER+VrxKI3G6ekt63ZDfpmiMxy1fdc/XkJmveDUNX+/7rJYDv909JgQUCqNtjyNrU+Y3RKuE2o= X-Spam-Status: No, score=-4.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 2023-05-08 01:31, Yuri via Cygwin wrote: > I've built the proxytunnel project in Cygwin > (https://github.com/proxytunnel/proxytunnel). > It is usually used to tunnel ssh through https using the https CONNECT command. > The command "proxytunnel --no-check-certificate -E -p > {https-proxy-host}:{https-proxy-port} -d 127.0.0.1:22" works on Linux and BSD. > However, it fails in Cygwin with the exit code 1 (SSL_TLSEXT_ERR_ALERT_WARNING), > which causes this error message in proxytunnel: > > SSL_set_tlsext_host_name returned: 1 (0x1). TLS SNI error, giving up > This prevents proxytunnel from being able to connect to the remote peer. > What might be wrong? Which Cygwin, ssl/tls-devel libraries, and ca-certificates... packages and versions are you using? $ man SSL_set_tlsext_host_name says SSL_set_tlsext_host_name etc. returns 1 for success, 0 for failure? Web search TLS SNI and you will find that either the host presents a list of certs none of which match the host name you are connecting to, a matching cert cannot be validated, possibly due to a missing CA chain, or one end could not handle the list presented or cert matched; some hits offer diagnostic suggestions. -- Take care. Thanks, Brian Inglis Calgary, Alberta, Canada La perfection est atteinte Perfection is achieved non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut -- Antoine de Saint-Exupéry