On Fri, 7 Oct 2005, David T. Ashley wrote:
BEGIN**********************
Oct 7 03:57:09 pamc stunnel[3006]: VERIFY OK: depth=0, /C=US/ST=Ohio/L=Sandusky/O=Test Company/OU=SMTP/CN=myserver.mydomain
Oct 7 03:57:12 pamc stunnel[3006]: Connection closed: 44 bytes sent to SSL, 6 bytes sent to socket
Oct 7 04:00:05 pamc stunnel[3006]: ssmtp connected from 70.226.90.31:1873
Oct 7 04:00:05 pamc stunnel[3006]: VERIFY ERROR: depth=0, error=self signed certificate: /C=PL/O=Stunnel Developers Ltd/CN=localhost
Oct 7 04:00:05 pamc stunnel[3006]: SSL_accept: 140890B2: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
END************************
Is this looking right?
Not entirely. I've little time today but will try to help you on your way.
This says "no certificate returned", right? You want 'certificate refused' or something.
Check the CRL section of the manual? You'll need this to indicate which certificates are no longer allowed access to the server. Unless you use the 'only valid certificates in this path' option. Take 30 mins to read the manpage, it'll help :).
http://www.stunnel.org/faq/stunnel.html#global_options
Just browse through the options.
Is this process as simple as being sure that stunnel.pem on the server matches stunnel.pem on the client?
Looks like it is working, but is there anything else I need to look out for?
Outlook cannot present a client certificate (known bug). That might be a problem (?). Be sure to test this with Thunderbird.
Jan
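
Added example (not part of the original message and not stunnel's own code): a Python sketch that groups stunnel syslog lines in the format quoted above into one verification outcome per connection, so accepted and rejected client certificates can be reviewed at a glance. The sample log is constructed, and attaching each line to the most recent "connected from" line is an assumption that only holds when connections do not interleave.

```python
import re

# Constructed sample in the format of the stunnel syslog lines quoted above
# (peer addresses are documentation-range placeholders).
SAMPLE_LOG = """\
Oct 7 03:57:05 pamc stunnel[3006]: ssmtp connected from 192.0.2.10:1801
Oct 7 03:57:09 pamc stunnel[3006]: VERIFY OK: depth=0, /C=US/ST=Ohio/L=Sandusky/O=Test Company/OU=SMTP/CN=myserver.mydomain
Oct 7 03:57:12 pamc stunnel[3006]: Connection closed: 44 bytes sent to SSL, 6 bytes sent to socket
Oct 7 04:00:05 pamc stunnel[3006]: ssmtp connected from 192.0.2.20:1873
Oct 7 04:00:05 pamc stunnel[3006]: VERIFY ERROR: depth=0, error=self signed certificate: /C=PL/O=Stunnel Developers Ltd/CN=localhost
Oct 7 04:00:05 pamc stunnel[3006]: SSL_accept: 140890B2: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ stunnel\[\d+\]: (.*)$")
CONNECT = re.compile(r"^(\S+) connected from ([\d.]+):\d+$")
VERIFY_OK = re.compile(r"^VERIFY OK: depth=(\d+), (/.*)$")
VERIFY_ERR = re.compile(r"^VERIFY ERROR: depth=(\d+), error=(.*?): (/.*)$")
SSL_ERR = re.compile(r"^SSL_accept: \w+: error:\w+:(.*)$")

def parse_sessions(text):
    """Return one dict per connection with its certificate verification outcome."""
    sessions, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when, msg = m.groups()
        if c := CONNECT.match(msg):
            # Assumption: later lines belong to the most recent connection.
            cur = {"time": when, "service": c.group(1), "peer": c.group(2),
                   "verdict": "unverified", "subject": None,
                   "reason": None, "handshake_error": None}
            sessions.append(cur)
        elif cur is None:
            continue
        elif v := VERIFY_ERR.match(msg):
            cur.update(verdict="rejected", reason=v.group(2), subject=v.group(3))
        elif v := VERIFY_OK.match(msg):
            if cur["verdict"] != "rejected":  # one failed chain element is final
                cur["verdict"] = "accepted"
                if v.group(1) == "0":  # depth 0 is the peer's own certificate
                    cur["subject"] = v.group(2)
        elif e := SSL_ERR.match(msg):
            cur["handshake_error"] = e.group(1).rsplit(":", 1)[-1]
    return sessions

if __name__ == "__main__":
    for s in parse_sessions(SAMPLE_LOG):
        print(s["time"], s["peer"], s["verdict"], s["reason"] or s["subject"])
```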