Hello
It's my mistake. When I configured the server/client, I thought: "Connection will open and die."
In reality, the connection is still opened, but the certificate is denied when we use it.
Sorry
2015-12-02 14:37 GMT+01:00 Michal Trojnara Michal.Trojnara@mirt.net:
I noticed a typo in my email. What I meant was: "If nothing is logged *then* this instance of stunnel is not used at all (which clearly explains why it doesn't work as expected)."
Mike
On 02.12.2015 14:34, Michal Trojnara wrote:
Hi Mehdi B.,
You still didn't include the logs of an actual attempted connection.
Every connection serviced by stunnel logs a number of lines. If nothing is logged than this instance of stunnel is not used at all (which clearly explains why it doesn't work as expected).
Mike
On 02.12.2015 14:23, Mehdi B. wrote:
Hi
I tried an easier configuration:

root@auditd:~# cat /etc/stunnel/2.conf| sed '/^;/d;/^$/d'
debug = 7
output = /var/lib/stunnel/2/log/2.log
[2]
verify = 2
CRLfile = /var/lib/stunnel/2/crl/CA.crl.pem
CAFile = /var/lib/stunnel/2/ca/CA.pem
cert = /var/lib/stunnel/2/2.cert
key = /var/lib/stunnel/2/2.key
client = yes
accept = 127.0.0.1:23
connect = 127.0.0.1:59062

Doesn't work:

2015.12.02 14:14:19 LOG7[cron]: Cron started
2015.12.02 14:14:19 LOG7[ui]: Clients allowed=500
2015.12.02 14:14:19 LOG5[ui]: stunnel 5.26 on x86_64-unknown-linux-gnu platform
2015.12.02 14:14:19 LOG5[ui]: Compiled/running with OpenSSL 1.0.1e 11 Feb 2013
2015.12.02 14:14:19 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
2015.12.02 14:14:19 LOG7[ui]: errno: (*__errno_location ())
2015.12.02 14:14:19 LOG5[ui]: Reading configuration from file /etc/stunnel/2.conf
2015.12.02 14:14:19 LOG5[ui]: UTF-8 byte order mark not detected
2015.12.02 14:14:19 LOG5[ui]: FIPS mode disabled
2015.12.02 14:14:19 LOG7[ui]: Compression disabled
2015.12.02 14:14:19 LOG7[ui]: Snagged 64 random bytes from /root/.rnd
2015.12.02 14:14:19 LOG7[ui]: Wrote 1024 new random bytes to /root/.rnd
2015.12.02 14:14:19 LOG7[ui]: PRNG seeded successfully
2015.12.02 14:14:19 LOG6[ui]: Initializing service [2]
2015.12.02 14:14:19 LOG6[ui]: Loading certificate from file: /var/lib/stunnel/2/2.cert
2015.12.02 14:14:19 LOG6[ui]: Loading key from file: /var/lib/stunnel/2/2.key
2015.12.02 14:14:19 LOG7[ui]: Private key check succeeded
2015.12.02 14:14:19 LOG7[ui]: Loaded /var/lib/stunnel/2/crl/CA.crl.pem revocation lookup file
2015.12.02 14:14:19 LOG4[ui]: Service [2] uses "verify = 2" without subject checks
2015.12.02 14:14:19 LOG4[ui]: Rebuild your stunnel against OpenSSL version 1.0.2 or higher
2015.12.02 14:14:19 LOG4[ui]: Use "checkHost" or "checkIP" to restrict trusted certificates
2015.12.02 14:14:19 LOG7[ui]: SSL options: 0x03000004 (+0x03000000, -0x00000000)
2015.12.02 14:14:19 LOG5[ui]: Configuration successful
2015.12.02 14:14:19 LOG7[ui]: Listening file descriptor created (FD=6)
2015.12.02 14:14:19 LOG7[ui]: Service [2] (FD=6) bound to 127.0.0.1:23
2015.12.02 14:14:19 LOG7[main]: No pid file being created
CRL doesn't work, because I don't do a checkHost?
Regards
2015-12-02 13:59 GMT+01:00 Mehdi B. likarum@gmail.com:
Hello
I'm afraid, but logs are activated in debug mode:

debug = 7
output = /log/2.log

I'll try with 5.26 and a simpler configuration
Thank you
2015-12-02 13:20 GMT+01:00 Michal Trojnara Michal.Trojnara@mirt.net:
Hi Mehdi B.,
You have forgotten to include the most important parts of the log files, which are the logs of an actual attempted connection. We cannot see the certificate verification logs without it. Of course the initialization logs are also useful.
CRL verification was rewritten from scratch in stunnel 5.24, so please use stunnel 5.26 for testing.
Try to simplify your configuration as much as possible:
1. Get rid of chroot/setuid/setgid
2. Replace CApath with CAfile.
3. Replace CRLpath with CRLfile.
Once you get the most basic configuration working, you can re-add advanced features one-by-one to see which one causes the problem.
Mike
On 02.12.2015 12:30, Mehdi B. wrote:
> Hello everybody
>
> I am using stunnel in server mode with mutual authentication. Auth is ok,
> but the crl didn't work, and I need it in production next week.... I did
> many tries with CRLpath/CRLfile, with my production version (5.08), the
> last one (5.26)
>
> Same result. With a revoked certificate, my client connects to the server.
>
> Do you have some idea? Or maybe found my mistake?
>
> If you need something else please contact me.
>
> Stunnel 1 is the server. Stunnel 1 certificate is revoked
>
> ** Configuration **
>
> *** root@auditd:/var/lib/stunnel/2/ca# cat /etc/stunnel/1.conf ***
> ; * Global options *
>
> chroot = /var/lib/stunnel/1/
>
> ; Chroot jail can be escaped if setuid option is not used
> setuid = stunnel5
> setgid = stunnel5
>
> pid = /pid/1.pid
>
> ;debug = 0
> debug = 7
> output = /log/1.log
>
> ;foreground = yes
>
> options = NO_SSLv2
> options = NO_SSLv3
> options = DONT_INSERT_EMPTY_FRAGMENTS
>
> [1]
> verify = 2
>
> CAFile = /root/CA/CA.cert
>
> cert = /root/CA/1.cert
> key = /root/CA/1.key
>
> client = no
> accept = 127.0.0.1:59062
> connect = 127.0.0.1:22
> ciphers = ECDHE-RSA-AES256-GCM-SHA384
> sslVersion = TLSv1.2
>
> *** root@auditd:/var/lib/stunnel/2/ca# cat /etc/stunnel/2.conf ***
> ; * Global options *
>
> chroot = /var/lib/stunnel/2/
>
> ; Chroot jail can be escaped if setuid option is not used
> setuid = stunnel5
> setgid = stunnel5
>
> pid = /pid/2.pid
>
> ;debug = 0
> debug = 7
> output = /log/2.log
>
> ;foreground = yes
>
> options = NO_SSLv2
> options = NO_SSLv3
> options = DONT_INSERT_EMPTY_FRAGMENTS
>
> [2]
> verify = 2
>
> ;CRLfile = /var/lib/stunnel/2/CA.crl.pem
> ;CAFile = /var/lib/stunnel/2/CA.pem
>
> CRLpath = /crl/
> CApath = /ca/
>
> cert = /var/lib/stunnel/2/2.cert
> key = /var/lib/stunnel/2/2.key
>
> client = yes
> accept = 127.0.0.1:23
> connect = 127.0.0.1:59062
> ciphers = ECDHE-RSA-AES256-GCM-SHA384
> sslVersion = TLSv1.2
>
> ** Logs **
>
> ==> /var/lib/stunnel/1/log/1.log <==
> 2015.12.02 12:11:46 LOG7[25595]: Clients allowed=500
> 2015.12.02 12:11:46 LOG5[25595]: stunnel 5.08 on x86_64-unknown-linux-gnu platform
> 2015.12.02 12:11:46 LOG5[25595]: Compiled/running with OpenSSL 1.0.1e 11 Feb 2013
> 2015.12.02 12:11:46 LOG5[25595]: Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
> 2015.12.02 12:11:46 LOG7[25595]: errno: (*__errno_location ())
> 2015.12.02 12:11:46 LOG5[25595]: Reading configuration from file /etc/stunnel/1.conf
> 2015.12.02 12:11:46 LOG5[25595]: UTF-8 byte order mark not detected
> 2015.12.02 12:11:46 LOG5[25595]: FIPS mode disabled
> 2015.12.02 12:11:46 LOG7[25595]: Compression disabled
> 2015.12.02 12:11:46 LOG7[25595]: Snagged 64 random bytes from /root/.rnd
> 2015.12.02 12:11:46 LOG7[25595]: Wrote 1024 new random bytes to /root/.rnd
> 2015.12.02 12:11:46 LOG7[25595]: PRNG seeded successfully
> 2015.12.02 12:11:46 LOG6[25595]: Initializing service [1]
> 2015.12.02 12:11:46 LOG6[25595]: Loading cert from file: /root/CA/1.cert
> 2015.12.02 12:11:46 LOG6[25595]: Loading key from file: /root/CA/1.key
> 2015.12.02 12:11:46 LOG7[25595]: Private key check succeeded
> 2015.12.02 12:11:46 LOG7[25595]: Loaded /root/CA/CA.cert revocation lookup file
> 2015.12.02 12:11:46 LOG7[25595]: Client CA list: /root/CA/CA.cert
> 2015.12.02 12:11:46 LOG6[25595]: Client CA: C=FR, ST=Some-State, O=Internet Widgits Pty Ltd
> 2015.12.02 12:11:46 LOG7[25595]: DH initialization
> 2015.12.02 12:11:46 LOG7[25595]: Could not load DH parameters from /root/CA/1.cert
> 2015.12.02 12:11:46 LOG7[25595]: Using hardcoded DH parameters
> 2015.12.02 12:11:46 LOG7[25595]: DH initialized with 2048-bit key
> 2015.12.02 12:11:46 LOG7[25595]: ECDH initialization
> 2015.12.02 12:11:46 LOG7[25595]: ECDH initialized with curve prime256v1
> 2015.12.02 12:11:46 LOG7[25595]: SSL options: 0x03000804 (+0x03000800, -0x00000000)
> 2015.12.02 12:11:46 LOG5[25595]: Configuration successful
> 2015.12.02 12:11:46 LOG7[25595]: Listening file descriptor created (FD=6)
> 2015.12.02 12:11:46 LOG7[25595]: Service [1] (FD=6) bound to 127.0.0.1:59062
> 2015.12.02 12:11:46 LOG7[25596]: Created pid file /pid/1.pid
>
> ==> /var/lib/stunnel/2/log/2.log <==
> 2015.12.02 12:11:46 LOG7[25604]: Clients allowed=500
> 2015.12.02 12:11:46 LOG5[25604]: stunnel 5.08 on x86_64-unknown-linux-gnu platform
> 2015.12.02 12:11:46 LOG5[25604]: Compiled/running with OpenSSL 1.0.1e 11 Feb 2013
> 2015.12.02 12:11:46 LOG5[25604]: Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
> 2015.12.02 12:11:46 LOG7[25604]: errno: (*__errno_location ())
> 2015.12.02 12:11:46 LOG5[25604]: Reading configuration from file /etc/stunnel/2.conf
> 2015.12.02 12:11:46 LOG5[25604]: UTF-8 byte order mark not detected
> 2015.12.02 12:11:46 LOG5[25604]: FIPS mode disabled
> 2015.12.02 12:11:46 LOG7[25604]: Compression disabled
> 2015.12.02 12:11:46 LOG7[25604]: Snagged 64 random bytes from /root/.rnd
> 2015.12.02 12:11:46 LOG7[25604]: Wrote 1024 new random bytes to /root/.rnd
> 2015.12.02 12:11:46 LOG7[25604]: PRNG seeded successfully
> 2015.12.02 12:11:46 LOG6[25604]: Initializing service [2]
> 2015.12.02 12:11:46 LOG6[25604]: Loading cert from file: /var/lib/stunnel/2/2.cert
> 2015.12.02 12:11:46 LOG6[25604]: Loading key from file: /var/lib/stunnel/2/2.key
> 2015.12.02 12:11:46 LOG7[25604]: Private key check succeeded
> 2015.12.02 12:11:46 LOG7[25604]: Verify directory set to /ca/
> 2015.12.02 12:11:46 LOG7[25604]: Added /ca/ revocation lookup directory
> 2015.12.02 12:11:46 LOG7[25604]: Added /crl/ revocation lookup directory
> 2015.12.02 12:11:46 LOG7[25604]: SSL options: 0x03000804 (+0x03000800, -0x00000000)
> 2015.12.02 12:11:46 LOG5[25604]: Configuration successful
> 2015.12.02 12:11:46 LOG7[25604]: Listening file descriptor created (FD=6)
> 2015.12.02 12:11:46 LOG7[25604]: Service [2] (FD=6) bound to 127.0.0.1:23
> 2015.12.02 12:11:46 LOG7[25605]: Created pid file /pid/2.pid
>
> ** ls **
>
> root@auditd:/var/lib/stunnel/2/ca# ll
> total 4
> lrwxrwxrwx 1 root root 6 Dec 2 12:05 1a870aad.0 -> CA.pem
> lrwxrwxrwx 1 root root 6 Dec 2 12:05 aeb35906.0 -> CA.pem
> -rw-r----- 1 stunnel5 root 1919 Dec 1 16:55 CA.pem
> root@auditd:/var/lib/stunnel/2/ca# ll ../crl/
> total 4
> lrwxrwxrwx 1 root root 10 Dec 2 12:04 aeb35906.r0 -> CA.crl.pem
> -rw-r----- 1 stunnel5 root 1129 Dec 2 11:42 CA.crl.pem
>
> ** check openssl **
>
> root@auditd:~/stunnel-5.26# openssl verify -crl_check -CAfile /var/lib/stunnel/2/ca/aeb35906.0 -CRLfile /var/lib/stunnel/2/crl/aeb35906.r0 /root/CA/1.cert
> /root/CA/1.cert: C = FR, ST = FR, O = PLOP, CN = 1
> error 23 at 0 depth lookup:certificate revoked
>
> ** other :**
>
> root@auditd:~/CA# openssl crl -in /opt/syslog-ng/etc/crl/1a870aad.r0 -text
> Certificate Revocation List (CRL):
>     Version 2 (0x1)
>     Signature Algorithm: sha256WithRSAEncryption
>     Issuer: /C=FR/ST=Some-State/O=Internet Widgits Pty Ltd
>     Last Update: Dec 2 09:04:38 2015 GMT
>     Next Update: Jan 1 09:04:38 2016 GMT
>     CRL extensions:
>         X509v3 CRL Number:
>             2
> Revoked Certificates:
>     Serial Number: 01
>         Revocation Date: Dec 1 14:46:38 2015 GMT
>     Serial Number: 02
>         Revocation Date: Dec 2 09:04:29 2015 GMT
>     Serial Number: 03
>         Revocation Date: Dec 2 07:25:34 2015 GMT
>     Serial Number: 04
>         Revocation Date: Dec 2 07:27:45 2015 GMT
>     Serial Number: 05
>         Revocation Date: Dec 2 07:32:21 2015 GMT
>     Serial Number: 06
>         Revocation Date: Dec 2 08:21:48 2015 GMT
>     Signature Algorithm: sha256WithRSAEncryption
>
> root@auditd:~/CA# openssl x509 -in /opt/syslog-ng/etc/cert.d/1.cert -text
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 6 (0x6)
>     Signature Algorithm: sha256WithRSAEncryption
>         Issuer: C=FR, ST=Some-State, O=Internet Widgits Pty Ltd
>         Validity
>             Not Before: Dec 2 07:32:36 2015 GMT
>             Not After : Nov 29 07:32:36 2025 GMT
>         Subject: C=FR, ST=FR, O=PLOP, CN=1
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>                 Public-Key: (4096 bit)
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Basic Constraints:
>                 CA:FALSE
>             Netscape Comment:
>                 OpenSSL Generated Certificate
>             X509v3 Subject Key Identifier:
>                 33:1A:1E:42:87:07:1F:05:83:C6:14:DE:5D:BC:90:89:8C:10:39:44
>             X509v3 Authority Key Identifier:
>                 keyid:C0:B7:97:89:CD:42:1E:6A:FB:7D:AE:3B:1E:A1:30:7E:94:FA:FB:35
>             X509v3 CRL Distribution Points:
>                 Full Name:
>                   URI:https://deb.plop.net/ssl/
>     Signature Algorithm: sha256WithRSAEncryption
stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
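The `openssl verify -crl_check` sanity check quoted in the thread, generalized here into a reproducible test against a throwaway CA. This is an added example, not part of the original messages: the CA, the subject names and every file name are constructed, and it assumes an `openssl` binary on the PATH.

```shell
#!/bin/sh
# Added example: every file and name below is constructed in a temp directory.

# Print "ok", "revoked" or "error" for peer.pem; extra args go to "openssl verify".
verdict() {
    out=$(openssl verify -CAfile ca.pem "$@" peer.pem 2>&1)
    case $out in
        *"certificate revoked"*) echo revoked ;;
        *"peer.pem: OK"*)        echo ok ;;
        *)                       echo error ;;
    esac
}

# Build a CA, issue one certificate, revoke it, and print three verdicts.
crl_demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        mkdir certs && : > index.txt && echo 01 > serial || exit 1
        cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = demo_ca
[demo_ca]
database = index.txt
new_certs_dir = certs
serial = serial
default_md = sha256
default_days = 30
default_crl_days = 30
policy = policy_any
[policy_any]
commonName = supplied
EOF
        ca="openssl ca -batch -config ca.cnf -cert ca.pem -keyfile ca.key"
        {
            openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes \
                -keyout ca.key -out ca.pem -subj "/CN=Demo CA" -days 30 &&
            openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
                -keyout peer.key -out peer.csr -subj "/CN=peer" &&
            $ca -in peer.csr -out peer.pem &&
            $ca -gencrl -out crl.pem
        } >/dev/null 2>&1 || exit 1
        # 1: CRL check before revocation. 2: after revocation, no CRL check.
        # 3: after revocation, with CRL check against the regenerated CRL.
        before=$(verdict -crl_check -CRLfile crl.pem)
        { $ca -revoke peer.pem && $ca -gencrl -out crl.pem; } >/dev/null 2>&1 || exit 1
        echo "$before $(verdict) $(verdict -crl_check -CRLfile crl.pem)"
    )
    rc=$?
    rm -rf "$dir"
    return $rc
}

crl_demo
```

The middle verdict is the one to watch: a revoked certificate still verifies whenever the verifying side is not asked to check a CRL.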