Hi,

I just updated to version 5.57 and the config I used for ever does not work anymore.

I regenerated the self certs using the "Build a Self-signed stunnel.pem" in Windows and made sure the CN was matching the hostname

of the server machine.

I understand there is an issue with the self signed certificate... ...but it was working fine under 5.56.

Server configuration

[Server_SyncThing]
cert = stunnel.pem
accept = 999
connect = 127.0.0.1:24596
ciphers = PSK
PSKsecrets = psk.txt

Client configuration

[SyncThing]
client = yes
accept = 127.0.0.1:24596
connect = 192.168.0.102:999
verifyPeer = yes
CAfile = stunnel.pem
PSKsecrets = psk.txt

Service [SyncThing] connected remote server from 192.168.1.44:5455
2020.10.12 14:25:06 LOG7[33]: Setting remote socket options (FD=1516)
2020.10.12 14:25:06 LOG7[33]: Option TCP_NODELAY set on remote socket
2020.10.12 14:25:06 LOG7[33]: Remote descriptor (FD=1516) initialized
2020.10.12 14:25:06 LOG6[33]: SNI: sending servername: 192.168.0.102
2020.10.12 14:25:06 LOG6[33]: Peer certificate required
2020.10.12 14:25:06 LOG7[33]: TLS state (connect): before SSL initialization
2020.10.12 14:25:06 LOG7[33]: Initializing application specific data for session authenticated
2020.10.12 14:25:06 LOG6[33]: PSK client configured for identity "user1"
2020.10.12 14:25:06 LOG7[33]: Initializing application specific data for session authenticated
2020.10.12 14:25:06 LOG7[33]: TLS state (connect): SSLv3/TLS write client hello
2020.10.12 14:25:06 LOG7[33]: TLS state (connect): SSLv3/TLS write client hello
2020.10.12 14:25:06 LOG7[33]: TLS state (connect): SSLv3/TLS read server hello
2020.10.12 14:25:06 LOG7[33]: TLS state (connect): TLSv1.3 read encrypted extensions
2020.10.12 14:25:06 LOG7[33]: Verification started at depth=0: C=FR, ST=Centre, L=Marseilles, O=CA, OU=CA, CN= TRUCK-D98J8TY
2020.10.12 14:25:06 LOG4[33]: CERT: Pre-verification error: unsupported certificate purpose
2020.10.12 14:25:06 LOG4[33]: Rejected by CERT at depth=0: C=FR, ST=Centre, L=Marseilles, O=CA, OU=CA, CN= TRUCK-D98J8TY
2020.10.12 14:25:06 LOG7[33]: TLS alert (write): fatal: unsupported certificate
2020.10.12 14:25:06 LOG3[33]: SSL_connect: ssl/statem/statem_clnt.c:1913: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020.10.12 14:25:06 LOG5[33]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.10.12 14:25:06 LOG7[33]: Deallocating application specific data for session connect address
2020.10.12 14:25:06 LOG7[33]: Deallocating application specific data for session connect address
2020.10.12 14:25:06 LOG7[33]: Remote descriptor (FD=1516) closed

Any help would be welcome.

Thanks.