Hello,
I am experiencing an issue with stunnel versions 5.73 and above where the server logs are continuously filled with the following message:
"OCSP: SSL_get_certificate"
This issue does not occur in version 5.72. I am using PSK for encryption and have not configured OCSP. Here are the details of my setup:
```
[.] stunnel 5.74 on amd64-portbld-freebsd14.1 platform
[.] Compiled with OpenSSL 3.0.13 30 Jan 2024
[.] Running with OpenSSL 3.0.15 3 Sep 2024
```
- Server configuration file:
```
setuid = stunnel
setgid = nogroup
pid = /var/run/stunnel/stunnel.pid
[bayes]
accept = 6478
connect = 6378
ciphers = PSK
PSKsecrets = /usr/local/etc/stunnel/psk.txt
cert = /usr/local/etc/stunnel/cert.pem
key = /usr/local/etc/stunnel/private.key
[fuzzy]
accept = 6477
connect = 6377
ciphers = PSK
PSKsecrets = /usr/local/etc/stunnel/psk.txt
cert = /usr/local/etc/stunnel/cert.pem
key = /usr/local/etc/stunnel/private.key
```
- Client configuration file:
```
setuid = stunnel
setgid = nogroup
pid = /var/run/stunnel/stunnel.pid
[bayes]
client = yes
accept = localhost:6478
connect = host.example.org:6478
ciphers = PSK
PSKsecrets = /usr/local/etc/stunnel/psk.txt
[fuzzy]
client = yes
accept = localhost:6477
connect = host.example.org:6477
ciphers = PSK
PSKsecrets = /usr/local/etc/stunnel/psk.txt
```
- Relevant log entries:
```
Dec 27 09:00:10 mx stunnel[22113]: LOG3[per-minute]: OCSP: SSL_get_certificate
```
As a temporary workaround, I generated a self-signed certificate and configured stunnel to use it. This has resolved the issue with OCSP messages. However, I believe this is not the intended behavior when using PSK without configuring OCSP.
I would appreciate any help or guidance on how to properly configure stunnel to avoid this issue without requiring a self-signed certificate.
Thank you,
Alexander