Try the option
sslVersion=TLSv1

2008/11/11 James Moe <jimoe@sohnen-moe.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,
 (I sent this yesterday but that one seems to have gotten lost....)
 Stunnel v4.20.
 When connecting to SBC/Yahoo, the session is terminated
with a "bad certificate" message. See the log below. The tech folks claim
all is well at their end.
 Is there something I am missing here?
 Here is the conf file:

....[ conf ]....

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = yes
output = G:/c/voice/pmmdev/testcase/bin/stunnel.log
verify = 0
debug  = 7
cert   = g:/c/voice/pmmdev/testcase/bin/sma-test.pem

[sbc]
 accept  = localhost:6325
 connect = smtp.att.yahoo.com:465

....[ end conf ]....

....[ connection log ]....

2008.11.11 00:14:17 LOG7[223:1737]: sbc accepted FD=15 from 127.0.0.1:61053
2008.11.11 00:14:17 LOG7[223:1737]: Creating a new thread
2008.11.11 00:14:17 LOG7[223:1737]: New thread created
2008.11.11 00:14:17 LOG7[251:1737]: sbc started
2008.11.11 00:14:17 LOG7[251:1737]: FD 15 in non-blocking mode
2008.11.11 00:14:17 LOG7[251:1737]: TCP_NODELAY option set on local socket
2008.11.11 00:14:17 LOG5[251:1737]: sbc accepted connection from
127.0.0.1:61053
2008.11.11 00:14:17 LOG7[251:1737]: FD 16 in non-blocking mode
2008.11.11 00:14:17 LOG7[251:1737]: sbc connecting 69.147.64.31:465
2008.11.11 00:14:17 LOG7[251:1737]: connect_wait: waiting 10 seconds
2008.11.11 00:14:17 LOG7[251:1737]: connect_wait: connected
2008.11.11 00:14:17 LOG5[251:1737]: sbc connected remote server from
192.168.69.14:61054
2008.11.11 00:14:17 LOG7[251:1737]: Remote FD=16 initialized
2008.11.11 00:14:17 LOG7[251:1737]: TCP_NODELAY option set on remote socket
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): before/connect
initialization
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 write
client hello A
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 read server
hello A
2008.11.11 00:14:17 LOG5[251:1737]: VERIFY IGNORE: depth=0,
/C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=smtp.att.yahoo.com
2008.11.11 00:14:17 LOG5[251:1737]: VERIFY OK: depth=0,
/C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=smtp.att.yahoo.com
2008.11.11 00:14:17 LOG5[251:1737]: VERIFY IGNORE: depth=0,
/C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=smtp.att.yahoo.com
2008.11.11 00:14:17 LOG5[251:1737]: VERIFY OK: depth=0,
/C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=smtp.att.yahoo.com
2008.11.11 00:14:17 LOG5[251:1737]: VERIFY IGNORE: depth=0,
/C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=smtp.att.yahoo.com
2008.11.11 00:14:17 LOG5[251:1737]: VERIFY OK: depth=0,
/C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=smtp.att.yahoo.com
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 read server
certificate A
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 read server
certificate request A
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 read server
done A
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 write
client certificate A
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 write
client key exchange A
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 write
certificate verify A
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 write
change cipher spec A
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 write
finished A
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 flush data
2008.11.11 00:14:18 LOG7[251:1737]: SSL alert (read): fatal: bad certificate
2008.11.11 00:14:18 LOG3[251:1737]: SSL_connect: 14094412:
error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
2008.11.11 00:14:18 LOG5[251:1737]: Connection reset: 0 bytes sent to SSL,
0 bytes sent to socket
2008.11.11 00:14:18 LOG7[251:1737]: sbc finished (0 left)


....[ end log ]....

- --
jimoe (at) sohnen-moe (dot) com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (OS/2)

iD8DBQFJGe4zzTcr8Prq0ZMRAhSPAJ4h6YHyR+/W5brb7FK1tbbW1zYZ+wCglxpC
9k2qqpP2hN99BL0TnsNhlnw=
=P74g
-----END PGP SIGNATURE-----
_______________________________________________
stunnel-users mailing list
stunnel-users@mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users



--
Christophe Nanteuil