Hello Michal,
yes, you are right. I read this sentence a couple of times but i could not relate it to my problem.
I have a centos 6 installation an wanted a separate openssl. I installed the stunnel and modified the init-script to contain
SSLPREFIX=/usr/local/openssl LD_LIBRARY_PATH=$SSLPREFIX/lib:$LD_LIBRARY_PATH export LD_LIBRARY_PATH
But i didn't realised that this was also needed for c_rehash.
Thanks a lot.
cheers, jordan
-------- Original-Nachricht -------- Betreff: Re: [stunnel-users] CApath not working anymore Von: Michal Trojnara Michal.Trojnara@mirt.net An: stunnel-users@stunnel.org Datum: 16.07.2014 18:49
Hi Jordan,
OpenSSL (AFAIR between versions 0.9.8 and 1.0.0) has changed the format of file names produced with the c_rehash script. You need to c_rehash the directory during the update of OpenSSL.
Mike
On 16 lipca 2014 16:11:36 CEST, Jordan Paschalidis jordan.paschalidis@xcom.de wrote:
Hello,
i have an existing stunnel-installation with CApath. I tried to setup a new stunnel-version, and copied all certifictes and had allwas an error like
2014.07.16 09:50:36 LOG7[15937:0]: Starting certificate verification: depth=1, /C=DE/emailAddress=ssladmin@v.de 2014.07.16 09:50:36 LOG4[15937:0]: CERT: Verification error: self signed certificate in certificate chain 2014.07.16 09:50:36 LOG4[15937:0]: Certificate check failed: depth=1, /C=DE/emailAddress=ssladmin@v.de 2014.07.16 09:50:36 LOG7[15937:0]: SSL alert (write): fatal: bad certificate 2014.07.16 09:50:36 LOG3[15937:0]: SSL_accept: 140890B2: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned 2014.07.16 09:50:36 LOG5[15937:0]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
i had an hard time to find out that CApath is not working anymore. I put for test all certificates into a file and used CAfile and immediately the connection was established.
Does somebody know why CApath is not working anymore? Tested with stunnel 5.02, 4.56, 4.55, 4.54
cheers, jordan
stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users