Good day! I'm using Stunnel 4.21 on i686-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007 Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 with OpenSSL 0.9.8g 19 Oct 2007 on a Fedora-like Linux server.
stunnel.conf contains:
_______________________________________________________________________________
cert = /usr/local/etc/stunnel/server.crt
key = /usr/local/etc/stunnel/server.pem

; Protocol version (all, SSLv2, SSLv3, TLSv1)
;sslVersion = SSLv3

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /usr/local/var/stunnel/
setuid = nobody
setgid = nobody
; PID is created inside chroot jail
pid = /stunnel.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath =/usr/local/etc/stunnel/certs
; It's often easier to use CAfile
CAfile = /usr/local/etc/stunnel/ca.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /usr/local/etc/stunnel/crl.pem

; Some debugging stuff useful for troubleshooting
debug = 7
output = stunnel.log

; Service-level configuration

[pop3s]
accept = 995
connect = 110
________________________________________________________________________
The PKI consists of:
ROOT_CA CA MAIL_CON_CA SERVER CLIENT

server.crt - Server certificate in PEM format
server.pem - Server key in PEM format with no password
ca.pem - ROOT_CA, CA, MAIL_CON_CA certificates in PEM format
When I am using the MS Outlook mail client, there are some PROBLEMS with connections to SERVER:995.
stunnel.log contains:
______________________________________________
2007.12.05 14:57:39 LOG5[16668:1074107776]: stunnel 4.21 on i686-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
2007.12.05 14:57:39 LOG5[16668:1074107776]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6
2007.12.05 14:57:39 LOG6[16668:1074107776]: file ulimit = 1024 (can be changed with 'ulimit -n')
2007.12.05 14:57:39 LOG6[16668:1074107776]: poll() used - no FD_SETSIZE limit for file descriptors
2007.12.05 14:57:39 LOG5[16668:1074107776]: 500 clients allowed
2007.12.05 14:57:39 LOG7[16668:1074107776]: FD 6 in non-blocking mode
2007.12.05 14:57:39 LOG7[16668:1074107776]: FD 8 in non-blocking mode
2007.12.05 14:57:39 LOG7[16668:1074107776]: FD 9 in non-blocking mode
2007.12.05 14:57:39 LOG7[16668:1074107776]: SO_REUSEADDR option set on accept socket
2007.12.05 14:57:39 LOG7[16668:1074107776]: pop3s bound to 0.0.0.0:995
2007.12.05 14:57:39 LOG7[16669:1074107776]: Created pid file /stunnel.pid
2007.12.05 14:57:48 LOG7[16669:1074107776]: pop3s accepted FD=10 from 192.168.1.205:2129
2007.12.05 14:57:48 LOG7[16669:1074228016]: pop3s started
2007.12.05 14:57:48 LOG7[16669:1074228016]: FD 10 in non-blocking mode
2007.12.05 14:57:48 LOG7[16669:1074228016]: TCP_NODELAY option set on local socket
2007.12.05 14:57:48 LOG5[16669:1074228016]: pop3s accepted connection from 192.168.1.205:2129
2007.12.05 14:57:48 LOG7[16669:1074228016]: SSL state (accept): before/accept initialization
2007.12.05 14:57:48 LOG7[16669:1074228016]: SSL state (accept): SSLv3 read client hello A
2007.12.05 14:57:48 LOG7[16669:1074228016]: SSL state (accept): SSLv3 write server hello A
2007.12.05 14:57:48 LOG7[16669:1074228016]: SSL state (accept): SSLv3 write certificate A
2007.12.05 14:57:48 LOG7[16669:1074228016]: SSL state (accept): SSLv3 write certificate request A
2007.12.05 14:57:48 LOG7[16669:1074228016]: SSL state (accept): SSLv3 flush data
2007.12.05 14:57:48 LOG7[16669:1074228016]: SSL alert (write): fatal: handshake failure
2007.12.05 14:57:48 LOG3[16669:1074228016]: SSL_accept: 140890C7: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
2007.12.05 14:57:48 LOG5[16669:1074228016]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2007.12.05 14:57:48 LOG7[16669:1074228016]: pop3s finished (0 left)
______________________________________________
I loaded all the Server, CA, and client certificates into the SYSTEM, but there is NO connection.
Please help me with using Stunnel and Outlook.
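
One way to triage a log like the one above, as an added example that is not part of the original post: it groups stunnel debug entries by process and thread ID and reports each connection where the server wrote a certificate request (which `verify = 2` makes mandatory) and the peer returned no certificate. The function names are assumptions, and the sample is an abbreviated copy of the log lines in the post.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the stunnel.log entries quoted in the post.
SAMPLE_LOG = """\
2007.12.05 14:57:48 LOG5[16669:1074228016]: pop3s accepted connection from 192.168.1.205:2129
2007.12.05 14:57:48 LOG7[16669:1074228016]: SSL state (accept): SSLv3 read client hello A
2007.12.05 14:57:48 LOG7[16669:1074228016]: SSL state (accept): SSLv3 write certificate request A
2007.12.05 14:57:48 LOG7[16669:1074228016]: SSL alert (write): fatal: handshake failure
2007.12.05 14:57:48 LOG3[16669:1074228016]: SSL_accept: 140890C7: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
2007.12.05 14:57:48 LOG5[16669:1074228016]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
"""

# timestamp, syslog level, pid, thread id, message
ENTRY = re.compile(r"^(\S+ \S+) LOG(\d)\[(\d+):(\d+)\]: (.*)$")
ACCEPTED = re.compile(r"^(\S+) accepted connection from (\S+)$")

def parse(text):
    """Group log messages by (pid, thread id), preserving their order."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sessions[(m.group(3), m.group(4))].append(m.group(5))
    return sessions

def diagnose(text):
    """Return one finding per connection that failed for lack of a client certificate."""
    findings = []
    for msgs in parse(text).values():
        service = peer = None
        requested = False
        for msg in msgs:
            a = ACCEPTED.match(msg)
            if a:  # a new connection on this thread: reset per-connection state
                service, peer = a.groups()
                requested = False
            elif "write certificate request" in msg:
                requested = True  # server asked the client to authenticate
            elif "peer did not return a certificate" in msg:
                findings.append({"service": service, "peer": peer,
                                 "server_requested_cert": requested,
                                 "cause": "client sent no certificate"})
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```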