Try the option sslVersion=TLSv1
2008/11/11 James Moe jimoe@sohnen-moe.com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hello, (I sent this yesterday but that one seems to have gotten lost....) Stunnel v4.20. When connecting to SBC/Yahoo, the session is terminated with a "bad certificate" message. See the log below. The tech folks claim all is well at their end. Is there something I am missing here? Here is the conf file:
....[ conf ]....
socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 client = yes output = G:/c/voice/pmmdev/testcase/bin/stunnel.log verify = 0 debug = 7 cert = g:/c/voice/pmmdev/testcase/bin/sma-test.pem
[sbc] accept = localhost:6325 connect = smtp.att.yahoo.com:465
....[ end conf ]....
....[ connection log ]....
2008.11.11 00:14:17 LOG7[223:1737]: sbc accepted FD=15 from 127.0.0.1:61053 2008.11.11 00:14:17 LOG7[223:1737]: Creating a new thread 2008.11.11 00:14:17 LOG7[223:1737]: New thread created 2008.11.11 00:14:17 LOG7[251:1737]: sbc started 2008.11.11 00:14:17 LOG7[251:1737]: FD 15 in non-blocking mode 2008.11.11 00:14:17 LOG7[251:1737]: TCP_NODELAY option set on local socket 2008.11.11 00:14:17 LOG5[251:1737]: sbc accepted connection from 127.0.0.1:61053 2008.11.11 00:14:17 LOG7[251:1737]: FD 16 in non-blocking mode 2008.11.11 00:14:17 LOG7[251:1737]: sbc connecting 69.147.64.31:465 2008.11.11 00:14:17 LOG7[251:1737]: connect_wait: waiting 10 seconds 2008.11.11 00:14:17 LOG7[251:1737]: connect_wait: connected 2008.11.11 00:14:17 LOG5[251:1737]: sbc connected remote server from 192.168.69.14:61054 2008.11.11 00:14:17 LOG7[251:1737]: Remote FD=16 initialized 2008.11.11 00:14:17 LOG7[251:1737]: TCP_NODELAY option set on remote socket 2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): before/connect initialization 2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 write client hello A 2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 read server hello A 2008.11.11 00:14:17 LOG5[251:1737]: VERIFY IGNORE: depth=0, /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN= smtp.att.yahoo.com 2008.11.11 00:14:17 LOG5[251:1737]: VERIFY OK: depth=0, /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN= smtp.att.yahoo.com 2008.11.11 00:14:17 LOG5[251:1737]: VERIFY IGNORE: depth=0, /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN= smtp.att.yahoo.com 2008.11.11 00:14:17 LOG5[251:1737]: VERIFY OK: depth=0, /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN= smtp.att.yahoo.com 2008.11.11 00:14:17 LOG5[251:1737]: VERIFY IGNORE: depth=0, /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN= smtp.att.yahoo.com 2008.11.11 00:14:17 LOG5[251:1737]: VERIFY OK: depth=0, /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN= smtp.att.yahoo.com 2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 read server certificate A 2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 read server certificate request A 2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 read server done A 2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 write client certificate A 2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 write client key exchange A 2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 write certificate verify A 2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 write change cipher spec A 2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 write finished A 2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 flush data 2008.11.11 00:14:18 LOG7[251:1737]: SSL alert (read): fatal: bad certificate 2008.11.11 00:14:18 LOG3[251:1737]: SSL_connect: 14094412: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate 2008.11.11 00:14:18 LOG5[251:1737]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket 2008.11.11 00:14:18 LOG7[251:1737]: sbc finished (0 left)
....[ end log ]....
jimoe (at) sohnen-moe (dot) com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (OS/2)
iD8DBQFJGe4zzTcr8Prq0ZMRAhSPAJ4h6YHyR+/W5brb7FK1tbbW1zYZ+wCglxpC 9k2qqpP2hN99BL0TnsNhlnw= =P74g -----END PGP SIGNATURE----- _______________________________________________ stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users