I've read the fine manual, and spent quite a while experimenting, but still have not managed to get stunnel to actually run. I have tried my own from-scratch configuration file, as well as a modified version of stunnel.conf-sample, with the same result, which is currently:
2006.11.13 16:18:16 LOG3[14237:2684415384]: error stack: 140B3009 : error:140B3009:SSL routines:SSL_CTX_use_RSAPrivateKey_file:PEM lib
2006.11.13 16:18:16 LOG3[14237:2684415384]: SSL_CTX_use_RSAPrivateKey_file: 906D06C: error:0906D06C:PEM routines:PEM_read_bio:no start line
Note that this is when running stunnel with sudo (since it needs root privs to read my certificate file -- cert.pem -- and I imagine may need them for other things too). If I turn the Debug option up to 7, then I get a few lines about the PRNG, followed by
2006.11.13 16:21:33 LOG7[14249:2684415384]: Certificate: /usr/local/etc/stunnel/cert.pem
2006.11.13 16:21:33 LOG7[14249:2684415384]: Certificate loaded
2006.11.13 16:21:33 LOG7[14249:2684415384]: Key file: /usr/local/etc/stunnel/cert.pem
2
and then followed by the same errors as above.
I'm running under OS X 10.4.8, compiled and installed stunnel-4.19 just today, and I have a key.pem and cert.pem obtained from StartCom. Note that the above errors were obtained with no "key=" line in my .conf file; it wasn't clear to me if I need that for my goal (which is layering HTTPS service over my existing HTTP server). But I also tried specifying the path to my key.pem, and that results in different errors:
2006.11.13 16:24:29 LOG7[14259:2684415384]: Key file: /usr/local/etc/stunnel/key.pem
2006.11.13 16:24:29 LOG3[14259:2684415384]: error stack: 140B3009 : error:140B3009:SSL routines:SSL_CTX_use_RSAPrivateKey_file:PEM lib
2006.11.13 16:24:29 LOG3[14259:2684415384]: error stack: 906A065 : error:0906A065:PEM routines:PEM_do_header:bad decrypt
2006.11.13 16:24:29 LOG3[14259:2684415384]: error stack: 6065064 : error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt
2006.11.13 16:24:29 LOG3[14259:2684415384]: Wrong pass phrase: retrying
2006.11.13 16:24:29 LOG3[14259:2684415384]: error stack: 140B3009 : error:140B3009:SSL routines:SSL_CTX_use_RSAPrivateKey_file:PEM lib
2006.11.13 16:24:29 LOG3[14259:2684415384]: error stack: 906A065 : error:0906A065:PEM routines:PEM_do_header:bad decrypt
2006.11.13 16:24:29 LOG3[14259:2684415384]: SSL_CTX_use_RSAPrivateKey_file: 6065064: error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt
..of course, it never asked me for my pass phrase, so maybe it's not surprising that whatever it's using is wrong. But I don't see how to make it ask me for one. Can anyone give me a clue?
Thanks,
- Joe
--
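Added example, not part of the original post: "PEM_read_bio:no start line" is what OpenSSL's PEM loader reports when the file it is given contains no block of the type it wants, and "PEM_do_header:bad decrypt" is what it reports when an encrypted key is opened with the wrong pass phrase. The sketch below lists the PEM blocks in a file and classifies it on those two points before it is handed to stunnel; the function names and the sample inputs are constructed for illustration.

```python
import re

# Matches one PEM armor block: BEGIN line, body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def pem_blocks(text):
    """Return [(label, encrypted)] for every PEM block found in text."""
    found = []
    for label, body in PEM_BLOCK.findall(text):
        # Legacy OpenSSL key encryption is flagged by an RFC 1421 style header;
        # PKCS#8 encryption is flagged by the block label itself.
        encrypted = ("Proc-Type: 4,ENCRYPTED" in body
                     or label == "ENCRYPTED PRIVATE KEY")
        found.append((label, encrypted))
    return found


def diagnose(text):
    """Classify a file used as a key file, in terms of the logged errors."""
    keys = [(l, e) for l, e in pem_blocks(text) if l.endswith("PRIVATE KEY")]
    if not keys:
        return "no-key-block"      # loader reports: PEM_read_bio:no start line
    if any(e for _, e in keys):
        return "encrypted-key"     # a wrong pass phrase gives: bad decrypt
    return "plain-key"


# Constructed samples (bodies are placeholders, not real key material).
CERT_ONLY = "-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n"
ENC_KEY = ("-----BEGIN RSA PRIVATE KEY-----\n"
           "Proc-Type: 4,ENCRYPTED\n"
           "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n"
           "QUJD\n-----END RSA PRIVATE KEY-----\n")
PLAIN_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nQUJD\n"
             "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, sample in [("cert-only", CERT_ONLY),
                         ("encrypted-key", ENC_KEY),
                         ("cert-plus-plain-key", CERT_ONLY + PLAIN_KEY)]:
        print(name, pem_blocks(sample), diagnose(sample))
```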