[GRLUG] Hidden port?

Adam Tauno Williams awilliam at whitemice.org
Thu Oct 28 06:12:13 EDT 2010


On Wed, 2010-10-27 at 22:20 -0400, Ben DeMott wrote:
> What happens if you try to open a socket on 443..try a python

Simplest way to test a port is with netcat -

netcat -l -p 443 localhost

> script... if something's bound with epoll it might not show up...

+1 (I hope someone fixes that.)

> what happens when you telnet 443?  Don't ssl virtual hosts only work
> with an extension to apache/a patched ssl or did they get that into
> the mainstream?

It is mainstream; but quite recently [2.2.8 I think; but only (?) in a
healthy combination of your version of OpenSSL/GnuTLS].
<https://issues.apache.org/bugzilla/show_bug.cgi?id=34607>

If something doesn't work - in the fine and long established SSL
tradition - I'd wager your error message is meaningless and/or an
exercise in misdirection [SSL error messages are *intended* (I believe)
to misinform and confuse].  I've seen "cannot bind to port" error
messages result from .... drumroll ... incorrect file permissions on the
certificate / certificate chain files.  Which, obviously, has nothing
whatsoever to do with the state of the port.

Motto#1: Always use SSL for everything, always, but never stop hating
SSL and the deviant malicious freaks who wrote that code.

Motto#2: If you get an error message relating to SSL, go back to step
#1, and just start rechecking *everything*.  Don't assume the error
message relates to the *actual* cause of the problem.

Seriously, #2 will actually save you a lot of time.

-- 
openSUSE w/GNOME <http://www.opensuse.org/en/>
Linux for human beings who need to get work done.
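
An added example, not part of the original message: a pre-flight check that tests the port and the certificate files separately, so that a "cannot bind to port" message caused by unreadable certificate files can be told apart from a port that really is taken. The function names and message texts are this example's own.

```python
import errno
import os
import socket
import ssl

def check_port(host, port):
    """Bind the way a server would; return None if free, else the real reason."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        s.bind((host, port))
    except OSError as e:
        reasons = {
            errno.EADDRINUSE: "already bound by another process",
            errno.EACCES: "permission denied (ports below 1024 usually need root)",
            errno.EADDRNOTAVAIL: "address is not configured on this host",
        }
        return f"port {port}: {reasons.get(e.errno, e.strerror)}"
    finally:
        s.close()
    return None

def check_tls_files(cert_path, key_path):
    """Check the files a TLS server loads at startup, independently of the port."""
    problems = []
    for label, path in (("certificate", cert_path), ("key", key_path)):
        if not os.path.isfile(path):
            problems.append(f"{label} {path}: missing or not a regular file")
        elif not os.access(path, os.R_OK):
            problems.append(f"{label} {path}: not readable by uid {os.geteuid()}")
    if problems:
        return problems
    try:
        # Parses both files and verifies that the key belongs to the certificate.
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert_path, key_path)
    except OSError as e:  # ssl.SSLError is a subclass of OSError
        problems.append(f"certificate/key pair rejected by the TLS library: {e}")
    return problems

def preflight(host, port, cert_path, key_path):
    port_problem = check_port(host, port)
    return ([port_problem] if port_problem else []) + check_tls_files(cert_path, key_path)

if __name__ == "__main__":
    import sys
    host, port, cert, key = sys.argv[1], int(sys.argv[2]), sys.argv[3], sys.argv[4]
    for line in preflight(host, port, cert, key) or ["no problems found"]:
        print(line)
```

Run it as the same user the server runs as, since both the port check and the file readability check depend on that user's privileges.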

