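So I am using stunnel to communicate with an SSL server. I would like to see the messages I am sending before they are encrypted and, more importantly, the messages I am receiving after they are decrypted.
I turned on debug logging (level 7), but I still do not see the messages. Details below: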
stunnel.conf
output = coinsetter.log
[remote]
client = yes
accept = 8888
connect = 198.61.189.25:5001
debug = 7
stunnel output:
2015.09.23 23:11:17 LOG5[ui]: stunnel 5.18 on x86_64-Apple-darwin13.4.0 platform
2015.09.23 23:11:17 LOG5[ui]: Compiled/running with OpenSSL 1.0.1c 10 May 2012
2015.09.23 23:11:17 LOG5[ui]: Threading:PTHREAD Sockets:SELECT,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
2015.09.23 23:11:17 LOG5[ui]: Reading configuration from file coinsetter.conf
2015.09.23 23:11:17 LOG5[ui]: UTF-8 byte order mark not detected
2015.09.23 23:11:17 LOG5[ui]: FIPS mode disabled
2015.09.23 23:11:17 LOG4[ui]: Authentication is needed to prevent MITM attacks
2015.09.23 23:11:17 LOG5[ui]: Configuration successful
2015.09.23 23:11:40 LOG7[0]: Service [remote] started
2015.09.23 23:11:40 LOG5[0]: Service [remote] accepted connection from 127.0.0.1:57261
2015.09.23 23:11:40 LOG6[0]: failover: round-robin
2015.09.23 23:11:40 LOG6[0]: s_connect: connecting 198.61.189.25:5001
2015.09.23 23:11:40 LOG7[0]: s_connect: s_poll_wait 198.61.189.25:5001: waiting 10 seconds
2015.09.23 23:11:40 LOG5[0]: s_connect: connected 198.61.189.25:5001
2015.09.23 23:11:40 LOG5[0]: Service [remote] connected remote server from 192.168.0.12:57262
2015.09.23 23:11:40 LOG7[0]: Remote socket (FD=9) initialized
2015.09.23 23:11:40 LOG6[0]: SNI: sending servername: staging-fix.coinsetter.com
2015.09.23 23:11:40 LOG7[0]: SSL state (connect): before/connect initialization
2015.09.23 23:11:40 LOG7[0]: SSL state (connect): SSLv2/v3 write client hello A
2015.09.23 23:11:40 LOG7[0]: SSL state (connect): SSLv3 read server hello A
2015.09.23 23:11:40 LOG6[0]: Certificate verification disabled
2015.09.23 23:11:40 LOG6[0]: Certificate verification disabled
2015.09.23 23:11:40 LOG6[0]: Certificate verification disabled
2015.09.23 23:11:40 LOG7[0]: SSL state (connect): SSLv3 read server certificate A
2015.09.23 23:11:40 LOG7[0]: SSL state (connect): SSLv3 read server key exchange A
2015.09.23 23:11:40 LOG7[0]: SSL state (connect): SSLv3 read server done A
2015.09.23 23:11:40 LOG7[0]: SSL state (connect): SSLv3 write client key exchange A
2015.09.23 23:11:40 LOG7[0]: SSL state (connect): SSLv3 write change cipher spec A
2015.09.23 23:11:40 LOG7[0]: SSL state (connect): SSLv3 write finished A
2015.09.23 23:11:40 LOG7[0]: SSL state (connect): SSLv3 flush data
2015.09.23 23:11:40 LOG7[0]: SSL state (connect): SSLv3 read finished A
2015.09.23 23:11:40 LOG7[0]: 1 client connect(s) requested
2015.09.23 23:11:40 LOG7[0]: 1 client connect(s) succeeded
2015.09.23 23:11:40 LOG7[0]: 0 client renegotiation(s) requested
2015.09.23 23:11:40 LOG7[0]: 0 session reuse(s)
2015.09.23 23:11:40 LOG6[0]: SSL connected: new session negotiated
2015.09.23 23:11:40 LOG7[0]: Peer certificate was cached (871 bytes)
2015.09.23 23:11:41 LOG6[0]: Negotiated TLSv1.2 ciphersuite DHE-RSA-AES256-SHA256 (256-bit encryption)
2015.09.23 23:11:41 LOG7[0]: Compression: null, expansion: null
You can do this with socat. Even better, you can ditch stunnel and have socat do the SSL. For example:
socat -v TCP4-LISTEN:8888 SSL:198.61.189.25:5001
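
Added example, not part of the original answer: a small Python relay that, like socat -v, accepts plaintext locally and logs each chunk in both directions, but keeps certificate and hostname verification on (the stunnel log above shows it disabled). The names dump, relay and serve and the usage line are assumptions; the dump contains everything the application sends, credentials included, so the listener binds to loopback only.

```python
import select, socket, ssl, sys

def dump(tag, data):
    """Format one plaintext chunk: direction marker, byte count, then the text."""
    return f"{tag} length={len(data)}\n" + data.decode("utf-8", "backslashreplace")

def relay(client, upstream, log):
    """Copy bytes both ways until either side closes; log every plaintext chunk.

    Returns the byte count per direction ('>' to the server, '<' from it).
    """
    peers = {client: (upstream, ">"), upstream: (client, "<")}
    counts = {">": 0, "<": 0}
    # An SSLSocket can hold decrypted bytes that select() cannot see.
    pending = getattr(upstream, "pending", lambda: 0)
    while True:
        ready = [upstream] if pending() else select.select([client, upstream], [], [])[0]
        for src in ready:
            data = src.recv(4096)
            if not data:
                return counts
            dst, tag = peers[src]
            log(dump(tag, data))
            dst.sendall(data)
            counts[tag] += len(data)

def serve(listen_port, host, port, cafile=None):
    """Listen on loopback only and forward each connection over verified TLS."""
    ctx = ssl.create_default_context(cafile=cafile)  # chain + hostname checks on
    with socket.create_server(("127.0.0.1", listen_port)) as srv:
        while True:  # one connection at a time keeps the dump readable
            client, _ = srv.accept()
            try:
                with client, socket.create_connection((host, port)) as raw, \
                        ctx.wrap_socket(raw, server_hostname=host) as tls:
                    relay(client, tls, lambda s: print(s, file=sys.stderr))
            except OSError as exc:  # includes ssl.SSLError and verification failures
                print(f"connection failed: {exc}", file=sys.stderr)

if __name__ == "__main__":
    # Constructed usage: python relay.py 8888 server.example 5001 [ca.pem]
    serve(int(sys.argv[1]), sys.argv[2], int(sys.argv[3]), *sys.argv[4:5])
```

If the server's certificate does not chain to a CA in the system store, pass the issuing CA as the optional fourth argument instead of turning verification off.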