Thanks to James's email today, I was able to get it to work. Quoting James here.
The solution was to remove the "cert" line from the configuration file. The "verify" level had to stay at 0.
This did the trick.
James Moe-2 wrote:
Hello,

(I sent this yesterday but that one seems to have gotten lost....)

Stunnel v4.20. When connecting to SBC/Yahoo, the session is terminated with a "bad certificate" message. See the log below. The tech folks claim all is well at their end. Is there something I am missing here?

Here is the conf file:
....[ conf ]....
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = yes
output = G:/c/voice/pmmdev/testcase/bin/stunnel.log
verify = 0
debug = 7
cert = g:/c/voice/pmmdev/testcase/bin/sma-test.pem

[sbc]
accept = localhost:6325
connect = smtp.att.yahoo.com:465
....[ end conf ]....
....[ connection log ]....
2008.11.11 00:14:17 LOG7[223:1737]: sbc accepted FD=15 from 127.0.0.1:61053
2008.11.11 00:14:17 LOG7[223:1737]: Creating a new thread
2008.11.11 00:14:17 LOG7[223:1737]: New thread created
2008.11.11 00:14:17 LOG7[251:1737]: sbc started
2008.11.11 00:14:17 LOG7[251:1737]: FD 15 in non-blocking mode
2008.11.11 00:14:17 LOG7[251:1737]: TCP_NODELAY option set on local socket
2008.11.11 00:14:17 LOG5[251:1737]: sbc accepted connection from 127.0.0.1:61053
2008.11.11 00:14:17 LOG7[251:1737]: FD 16 in non-blocking mode
2008.11.11 00:14:17 LOG7[251:1737]: sbc connecting 69.147.64.31:465
2008.11.11 00:14:17 LOG7[251:1737]: connect_wait: waiting 10 seconds
2008.11.11 00:14:17 LOG7[251:1737]: connect_wait: connected
2008.11.11 00:14:17 LOG5[251:1737]: sbc connected remote server from 192.168.69.14:61054
2008.11.11 00:14:17 LOG7[251:1737]: Remote FD=16 initialized
2008.11.11 00:14:17 LOG7[251:1737]: TCP_NODELAY option set on remote socket
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): before/connect initialization
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 write client hello A
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 read server hello A
2008.11.11 00:14:17 LOG5[251:1737]: VERIFY IGNORE: depth=0, /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=smtp.att.yahoo.com
2008.11.11 00:14:17 LOG5[251:1737]: VERIFY OK: depth=0, /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=smtp.att.yahoo.com
2008.11.11 00:14:17 LOG5[251:1737]: VERIFY IGNORE: depth=0, /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=smtp.att.yahoo.com
2008.11.11 00:14:17 LOG5[251:1737]: VERIFY OK: depth=0, /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=smtp.att.yahoo.com
2008.11.11 00:14:17 LOG5[251:1737]: VERIFY IGNORE: depth=0, /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=smtp.att.yahoo.com
2008.11.11 00:14:17 LOG5[251:1737]: VERIFY OK: depth=0, /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=smtp.att.yahoo.com
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 read server certificate A
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 read server certificate request A
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 read server done A
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 write client certificate A
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 write client key exchange A
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 write certificate verify A
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 write change cipher spec A
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 write finished A
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 flush data
2008.11.11 00:14:18 LOG7[251:1737]: SSL alert (read): fatal: bad certificate
2008.11.11 00:14:18 LOG3[251:1737]: SSL_connect: 14094412: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
2008.11.11 00:14:18 LOG5[251:1737]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2008.11.11 00:14:18 LOG7[251:1737]: sbc finished (0 left)
....[ end log ]....
jimoe (at) sohnen-moe (dot) com
_______________________________________________
stunnel-users mailing list
stunnel-users@mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users
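
Added example (not part of the original thread and not stunnel's own code): a heuristic reader for stunnel debug logs in the format above that separates the two meanings of "bad certificate". An alert logged as `(read)` was sent by the peer, so when it follows a "read server certificate request" line it concerns the client's certificate response, which is what the `cert` option controls; `diagnose` and `SAMPLE_LOG` are names chosen here.

```python
import re

# Constructed sample. Thread 251 repeats the handshake lines from the log in
# the post; thread 300 is invented to show the opposite (locally raised) case.
SAMPLE_LOG = """\
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 read server certificate A
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 read server certificate request A
2008.11.11 00:14:17 LOG7[251:1737]: SSL state (connect): SSLv3 write client certificate A
2008.11.11 00:14:18 LOG7[251:1737]: SSL alert (read): fatal: bad certificate
2008.11.11 00:14:17 LOG7[300:1737]: SSL state (connect): SSLv3 read server certificate A
2008.11.11 00:14:18 LOG7[300:1737]: SSL alert (write): fatal: bad certificate
"""

# "<date> <time> LOG<level>[<thread>:<pid>]: <message>"
LINE = re.compile(r"^\S+ \S+ LOG\d\[(\d+):\d+\]: (.*)$")
ALERT = re.compile(r"SSL alert \((read|write)\): fatal: (.+)")


def diagnose(log_text):
    """Return {thread_id: verdict} for threads that logged a fatal certificate alert."""
    requested = set()   # threads where the server asked for a client certificate
    verdicts = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue    # not a stunnel log line (wrapped text, blank line, ...)
        tid, msg = m.groups()
        if "read server certificate request" in msg:
            requested.add(tid)
        alert = ALERT.search(msg)
        if not alert or "certificate" not in alert.group(2):
            continue
        if alert.group(1) == "write":
            # We raised the alert: the local side rejected the peer's certificate.
            verdicts[tid] = "local side rejected the peer certificate (verify/CA settings)"
        elif tid in requested:
            # Peer raised it after asking for a client certificate.
            verdicts[tid] = "peer rejected our client certificate response (cert option)"
        else:
            verdicts[tid] = "peer sent a certificate alert without requesting a client certificate"
    return verdicts


if __name__ == "__main__":
    for tid, verdict in diagnose(SAMPLE_LOG).items():
        print(tid, "->", verdict)
```
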