Hi Jordan,
OpenSSL (AFAIR between versions 0.9.8 and 1.0.0) has changed the format of file names produced with the c_rehash script. You need to c_rehash the directory during the update of OpenSSL.
Mike
On 16 lipca 2014 16:11:36 CEST, Jordan Paschalidis jordan.paschalidis@xcom.de wrote:
Hello,
i have an existing stunnel-installation with CApath. I tried to setup a new stunnel-version, and copied all certifictes and had allwas an error like
2014.07.16 09:50:36 LOG7[15937:0]: Starting certificate verification: depth=1, /C=DE/emailAddress=ssladmin@v.de 2014.07.16 09:50:36 LOG4[15937:0]: CERT: Verification error: self signed certificate in certificate chain 2014.07.16 09:50:36 LOG4[15937:0]: Certificate check failed: depth=1, /C=DE/emailAddress=ssladmin@v.de 2014.07.16 09:50:36 LOG7[15937:0]: SSL alert (write): fatal: bad certificate 2014.07.16 09:50:36 LOG3[15937:0]: SSL_accept: 140890B2: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned 2014.07.16 09:50:36 LOG5[15937:0]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
i had an hard time to find out that CApath is not working anymore. I put for test all certificates into a file and used CAfile and immediately the connection was established.
Does somebody know why CApath is not working anymore? Tested with stunnel 5.02, 4.56, 4.55, 4.54
cheers, jordan
stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users