Hi,
I just updated to version 5.57 and the config I used forever does not work anymore. I regenerated the self-signed certs using the "Build a Self-signed stunnel.pem" in Windows and made sure the CN was matching the hostname of the server machine.
I understand there is an issue with the self-signed certificate... but it was working fine under 5.56.
Server configuration:
[Server_SyncThing]
cert = stunnel.pem
accept = 999
connect = 127.0.0.1:24596
ciphers = PSK
PSKsecrets = psk.txt

Client configuration:
[SyncThing]
client = yes
accept = 127.0.0.1:24596
connect = 192.168.0.102:999
verifyPeer = yes
CAfile = stunnel.pem
PSKsecrets = psk.txt

Service [SyncThing] connected remote server from 192.168.1.44:5455
2020.10.12 14:25:06 LOG7[33]: Setting remote socket options (FD=1516)
2020.10.12 14:25:06 LOG7[33]: Option TCP_NODELAY set on remote socket
2020.10.12 14:25:06 LOG7[33]: Remote descriptor (FD=1516) initialized
2020.10.12 14:25:06 LOG6[33]: SNI: sending servername: 192.168.0.102
2020.10.12 14:25:06 LOG6[33]: Peer certificate required
2020.10.12 14:25:06 LOG7[33]: TLS state (connect): before SSL initialization
2020.10.12 14:25:06 LOG7[33]: Initializing application specific data for session authenticated
2020.10.12 14:25:06 LOG6[33]: PSK client configured for identity "user1"
2020.10.12 14:25:06 LOG7[33]: Initializing application specific data for session authenticated
2020.10.12 14:25:06 LOG7[33]: TLS state (connect): SSLv3/TLS write client hello
2020.10.12 14:25:06 LOG7[33]: TLS state (connect): SSLv3/TLS write client hello
2020.10.12 14:25:06 LOG7[33]: TLS state (connect): SSLv3/TLS read server hello
2020.10.12 14:25:06 LOG7[33]: TLS state (connect): TLSv1.3 read encrypted extensions
2020.10.12 14:25:06 LOG7[33]: Verification started at depth=0: C=FR, ST=Centre, L=Marseilles, O=CA, OU=CA, CN= TRUCK-D98J8TY
2020.10.12 14:25:06 LOG4[33]: CERT: Pre-verification error: unsupported certificate purpose
2020.10.12 14:25:06 LOG4[33]: Rejected by CERT at depth=0: C=FR, ST=Centre, L=Marseilles, O=CA, OU=CA, CN= TRUCK-D98J8TY
2020.10.12 14:25:06 LOG7[33]: TLS alert (write): fatal: unsupported certificate
2020.10.12 14:25:06 LOG3[33]: SSL_connect: ssl/statem/statem_clnt.c:1913: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020.10.12 14:25:06 LOG5[33]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.10.12 14:25:06 LOG7[33]: Deallocating application specific data for session connect address
2020.10.12 14:25:06 LOG7[33]: Deallocating application specific data for session connect address
2020.10.12 14:25:06 LOG7[33]: Remote descriptor (FD=1516) closed

Any help would be welcome.
Thanks.