stunnel-users October 2020

stunnel-users@stunnel.org

9 participants
13 discussions

clarification on Security BugFix released in version 5.57
by svitatissimo2004＠hotmail.com 15 Oct '20

15 Oct '20

looking the changelog of latest version of stunnle (version 5.57) I see the following statement: "The "redirect" option was fixed to properly handle "verifyChain = yes" (thx to Rob Hoes)." It is possible to have more information on the vulnerability fixed?

1 0

clarification on Security BugFix released in version 5.57
by svitatissimo2004＠hotmail.com 15 Oct '20

15 Oct '20

1 0

CERT: Pre-verification error: unsupported certificate purpose
by Bob Bob 12 Oct '20

12 Oct '20

Hi, I just updated to version 5.57 and the config I used for ever does not work anymore. I regenerated the self certs using the "Build a Self-signed stunnel.pem" in Windows and made sure the CN was matching the hostname of the server machine. I understand there is an issue with the self signed certificate... ...but it was working fine under 5.56. Server configuration [Server_SyncThing] cert = stunnel.pem accept = 999 connect = 127.0.0.1:24596 ciphers = PSK PSKsecrets = psk.txt Client configuration [SyncThing] client = yes accept = 127.0.0.1:24596 connect = 192.168.0.102:999 verifyPeer = yes CAfile = stunnel.pem PSKsecrets = psk.txt Service [SyncThing] connected remote server from 192.168.1.44:5455 2020.10.12 14:25:06 LOG7[33]: Setting remote socket options (FD=1516) 2020.10.12 14:25:06 LOG7[33]: Option TCP_NODELAY set on remote socket 2020.10.12 14:25:06 LOG7[33]: Remote descriptor (FD=1516) initialized 2020.10.12 14:25:06 LOG6[33]: SNI: sending servername: 192.168.0.102 2020.10.12 14:25:06 LOG6[33]: Peer certificate required 2020.10.12 14:25:06 LOG7[33]: TLS state (connect): before SSL initialization 2020.10.12 14:25:06 LOG7[33]: Initializing application specific data for session authenticated 2020.10.12 14:25:06 LOG6[33]: PSK client configured for identity "user1" 2020.10.12 14:25:06 LOG7[33]: Initializing application specific data for session authenticated 2020.10.12 14:25:06 LOG7[33]: TLS state (connect): SSLv3/TLS write client hello 2020.10.12 14:25:06 LOG7[33]: TLS state (connect): SSLv3/TLS write client hello 2020.10.12 14:25:06 LOG7[33]: TLS state (connect): SSLv3/TLS read server hello 2020.10.12 14:25:06 LOG7[33]: TLS state (connect): TLSv1.3 read encrypted extensions 2020.10.12 14:25:06 LOG7[33]: Verification started at depth=0: C=FR, ST=Centre, L=Marseilles, O=CA, OU=CA, CN= TRUCK-D98J8TY 2020.10.12 14:25:06 LOG4[33]: CERT: Pre-verification error: unsupported certificate purpose 2020.10.12 14:25:06 LOG4[33]: Rejected by CERT at depth=0: C=FR, ST=Centre, L=Marseilles, O=CA, OU=CA, CN= TRUCK-D98J8TY 2020.10.12 14:25:06 LOG7[33]: TLS alert (write): fatal: unsupported certificate 2020.10.12 14:25:06 LOG3[33]: SSL_connect: ssl/statem/statem_clnt.c:1913: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed 2020.10.12 14:25:06 LOG5[33]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket 2020.10.12 14:25:06 LOG7[33]: Deallocating application specific data for session connect address 2020.10.12 14:25:06 LOG7[33]: Deallocating application specific data for session connect address 2020.10.12 14:25:06 LOG7[33]: Remote descriptor (FD=1516) closed Any help would be welcome. Thanks.

2 1

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

stunnel-users October 2020