<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Apple Color Emoji";
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Andale Mono";
panose-1:2 11 5 9 0 0 0 0 0 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.p1, li.p1, div.p1
{mso-style-name:p1;
margin:0cm;
margin-bottom:.0001pt;
background:black;
font-size:9.0pt;
font-family:"Andale Mono";
color:#28FE14;}
span.E-MailFormatvorlage19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.s1
{mso-style-name:s1;}
span.E-MailFormatvorlage21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="DE" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><a name="_MailOriginalBody"><span lang="EN-US" style="font-size:11.0pt">Hello everybody,</span><o:p></o:p></a></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-US" style="font-size:11.0pt">I’m trying to get of the Gmail-POP3 working but run into an error message which seems to be related to checkHost, since commenting it out it enables
the connection to be established </span></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-US" style="font-size:11.0pt;font-family:"Apple Color Emoji"">☹</span></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-US" style="font-size:11.0pt">
The service is configured as follows:</span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">[gmail-pop3]</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">client = yes</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">accept = 127.0.0.1:110</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">connect = pop.gmail.com:995</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">checkHost = pop.gmail.com</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">verifyChain = yes</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">CApath = /etc/ssl/certs/</span></span><o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-US" style="font-size:11.0pt"> </span><o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-US" style="font-size:11.0pt">I also found Parker (</span></span><a href="https://www.stunnel.org/pipermail/stunnel-users/2018-January/005902.html"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-US" style="font-size:11.0pt">https://www.stunnel.org/pipermail/stunnel-users/2018-January/005902.html</span></span><span style="mso-bookmark:_MailOriginalBody"></span></a><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-US" style="font-size:11.0pt">)
running the same version as me but his platform is different from mine (Alpine, LibreSSL). Could this be the reason?</span><o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-US" style="font-size:11.0pt"> </span><o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-US" style="font-size:11.0pt">Here the startup and connection portion of my log:</span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 08:58:13 LOG7[ui]: Clients allowed=512000</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 08:58:13 LOG5[ui]: stunnel 5.44 on x86_64-alpine-linux-musl platform</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 08:58:13 LOG5[ui]: Compiled/running with LibreSSL 2.6.3</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 08:58:13 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,SNI</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 08:58:13 LOG7[ui]: errno: (*__errno_location())</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 08:58:13 LOG5[ui]: Reading configuration from file /etc/stunnel/stunnel.conf</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 08:58:13 LOG5[ui]: UTF-8 byte order mark not detected</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 08:58:13 LOG7[ui]: Snagged 64 random bytes from /dev/urandom</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 08:58:13 LOG7[ui]: PRNG seeded successfully</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 08:58:13 LOG6[ui]: Initializing service [redis]</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 08:58:13 LOG7[ui]: Ciphers: HIGH:!DH:!aNULL:!SSLv2</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 08:58:13 LOG7[ui]: TLS options: 0x00000004 (+0x00000000, -0x00000000)</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 08:58:13 LOG7[ui]: No certificate or private key specified</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 08:58:13 LOG5[ui]: Configuration successful</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 08:58:13 LOG7[ui]: Binding service [redis]</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 08:58:13 LOG7[ui]: Listening file descriptor created (FD=7)</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 08:58:13 LOG7[ui]: Option SO_REUSEADDR set on accept socket</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 08:58:13 LOG7[ui]: Service [redis] (FD=7) bound to 0.0.0.0:6379</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 08:58:13 LOG7[ui]: No pid file being created</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 08:58:13 LOG7[cron]: Cron thread initialized</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[ui]: Found 1 ready file descriptor(s)</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[ui]: FD=4 events=0x2001 revents=0x0</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[ui]: FD=3 events=0x2001 revents=0x0</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[ui]: FD=7 events=0x2001 revents=0x1</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[ui]: Service [gmail-pop3] accepted (FD=8) from 127.0.0.1:42040</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[6]: Service [gmail-pop3] started</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[6]: Option TCP_NODELAY set on local socket</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG5[6]: Service [gmail-pop3] accepted connection from 127.0.0.1:42040</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG6[6]: failover: round-robin, starting at entry #2</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG6[6]: s_connect: connecting 2a00:1450:4013:c00::6c:995</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG3[6]: s_connect: connect 2a00:1450:4013:c00::6c:995: Network unreachable (101)</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG6[6]: s_connect: connecting 108.177.119.108:995</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[6]: s_connect: s_poll_wait 108.177.119.108:995: waiting 10 seconds</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG5[6]: s_connect: connected 108.177.119.108:995</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG5[6]: Service [gmail-pop3] connected remote server from 10.244.0.21:51954</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[6]: Option TCP_NODELAY set on remote socket</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[6]: Remote descriptor (FD=9) initialized</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG6[6]: SNI: sending servername: pop.gmail.com</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG6[6]: Peer certificate required</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[6]: TLS state (connect): before/connect initialization</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[6]: TLS state (connect): SSLv3 write client hello A</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[6]: TLS state (connect): SSLv3 read server hello A</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[6]: Verification started at depth=2: OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[6]: CERT: Pre-verification succeeded</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG6[6]: Certificate accepted at depth=2: OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[6]: Verification started at depth=1: C=US, O=Google Trust Services, CN=Google Internet Authority G3</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[6]: CERT: Pre-verification succeeded</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG6[6]: Certificate accepted at depth=1: C=US, O=Google Trust Services, CN=Google Internet Authority G3</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[6]: Verification started at depth=0: C=US, ST=California, L=Mountain View, O=Google Inc, CN=pop.gmail.com</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[6]: CERT: Pre-verification succeeded</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG4[6]: CERT: No matching host name found</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG4[6]: Rejected by CERT at depth=0: C=US, ST=California, L=Mountain View, O=Google Inc, CN=pop.gmail.com</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[6]: TLS alert (write): fatal: certificate unknown</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG3[6]: SSL_connect: 14007086: error:14007086:SSL routines:CONNECT_CR_CERT:certificate verify failed</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG5[6]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[6]: Deallocating application specific data for session connect address</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[6]: Remote descriptor (FD=9) closed</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[6]: Local descriptor (FD=8) closed</span></span><o:p></o:p></span></p>
<p class="p1"><span style="mso-bookmark:_MailOriginalBody"><span class="s1"><span lang="EN-US">2018.01.22 09:36:41 LOG7[6]: Service [gmail-pop3] finished (0 left)</span></span><o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-US" style="font-size:11.0pt"> </span><o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-US" style="font-size:11.0pt"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;mso-fareast-language:DE">Mit freundlichen Grüßen / Best regards
</span><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;mso-fareast-language:DE"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="mso-bookmark:_MailOriginalBody"><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif;mso-fareast-language:DE">Gerrit Schmitz</span></b><o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif;mso-fareast-language:DE">CC-AD/PJ-MBB</span></b><o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"> <o:p></o:p></span></p>
</div>
</body>
</html>