Openssl version: 0.9.8a
Objective: secure FTP (SFTP) w/o pasv

Everything works with self signed cert if client that is going to connect is
located ONLY on the same subnet.

If I try to connect a client to the server from outside the subnet, ie.
internet client user, I get a "decryption failed or bad record mac" error.

Scenario:
client (public ip) tries to connect to server (non-route able ip on DMZ with
public IP forwarded). Won't work.
client (non-route able ip on DMZ) tries to connect to server. Does work.

Is there a mechanism inside OpenSSL that doesn't allow cert pass through if
client isn't on the same subnet? Is this a bug?
--
View this message in context: http://www.nabble.com/decryption-fai...p19146541.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org