Hello,

after a day of trying...

server stunnel.conf (192.168.0.52):

debug = 7
cert = stunnel.pem
verify = 2
CAfile = certs.pem
options = NO_SSLv2

[unison]
accept = 10001
connect = 127.0.0.1:10000

client stunnel.conf (192.168.0.216):

client = yes
debug = 7
cert = stunnel.pem
verify = 2
CAfile = certs.pem
options = NO_SSLv2

[unison]
client = yes
accept = 127.0.0.1:10000
connect = 192.168.0.52:10001

Test #1: OK

C:\Program Files (x86)\stunnel> .\openssl verify -CAfile certs.pem stunnel.pem
stunnel.pem: OK

C:\Program Files (x86)\stunnel> .\openssl verify -CAfile certs.pem certs.pem
certs.pem: OK

Test #2: OK

C:\Program Files (x86)\stunnel> .\openssl s_server -accept 10001 -cert stunnel.pem -verify 2 -CAfile certs.pem -no_ssl2

vs

C:\Program Files (x86)\stunnel> .\openssl s_client -connect 192.168.0.52:10001 -cert stunnel.pem -verify 2 -CAfile certs.pem -no_ssl2

Test #3: OK - "certificate accepted"

C:\Program Files (x86)\stunnel> .\openssl s_server -accept 10001 -cert stunnel.pem -verify 2 -CAfile certs.pem -no_ssl2

vs

stunnel client

Test #4: OK - "certificate accepted"

stunnel server

vs

C:\Program Files (x86)\stunnel> .\openssl s_client -connect 192.168.0.52:10001 -cert stunnel.pem -verify 2 -CAfile certs.pem -no_ssl2

Test #5: FAILED

stunnel server

Service unison accepted connection from 192.168.0.216:23134
2012.02.14 09:02:39 LOG3[134028:132792]: SSL_accept: 140943F2: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message
2012.02.14 09:02:39 LOG5[134028:132792]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket

vs

stunnel client

2012.02.14 09:02:33 LOG5[2500:5876]: Service unison connected remote server from 192.168.0.216:23134
2012.02.14 09:02:33 LOG7[2500:5876]: Remote FD=372 initialized
2012.02.14 09:02:33 LOG3[2500:5876]: SSL_connect: 140870E8: error:140870E8:SSL routines:SSL3_GET_CERTIFICATE_REQUEST:tls client cert req with anon cipher
2012.02.14 09:02:33 LOG5[2500:5876]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket


After a stunnel.conf reload on both boxes (yes, only a reload), the following details and differences appear:

stunnel server vs openssl s_client : OK - "certificate accepted"

2012.02.14 09:42:02 LOG5[134236:132440]: Service unison accepted connection from 192.168.0.216:23698
2012.02.14 09:42:02 LOG7[134236:132440]: SSL state (accept): before/accept initialization
2012.02.14 09:42:02 LOG7[134236:132440]: SSL state (accept): SSLv3 read client hello B
2012.02.14 09:42:02 LOG7[134236:132440]: SSL state (accept): SSLv3 write server hello A
2012.02.14 09:42:02 LOG7[134236:132440]: SSL state (accept): SSLv3 write certificate A
2012.02.14 09:42:02 LOG7[134236:132440]: SSL state (accept): SSLv3 write key exchange A
2012.02.14 09:42:02 LOG7[134236:132440]: SSL state (accept): SSLv3 write certificate request A
2012.02.14 09:42:02 LOG7[134236:132440]: SSL state (accept): SSLv3 flush data
2012.02.14 09:42:02 LOG7[134236:132440]: Starting certificate verification: depth=0, /C=HU/ST=Mazovia Province/L=Budapest/O=-/OU=client/CN=x-pc
2012.02.14 09:42:02 LOG5[134236:132440]: Certificate accepted: depth=0, /C=HU/ST=Mazovia Province/L=Budapest/O=-/OU=client/CN=x-pc

2012.02.14 09:42:02 LOG7[134236:132440]: SSL state (accept): SSLv3 read client certificate A
2012.02.14 09:42:02 LOG7[134236:132440]: SSL state (accept): SSLv3 read client key exchange A
2012.02.14 09:42:02 LOG7[134236:132440]: SSL state (accept): SSLv3 read certificate verify A
2012.02.14 09:42:02 LOG7[134236:132440]: SSL state (accept): SSLv3 read finished A
2012.02.14 09:42:02 LOG7[134236:132440]: SSL state (accept): SSLv3 write session ticket A
2012.02.14 09:42:02 LOG7[134236:132440]: SSL state (accept): SSLv3 write change cipher spec A
2012.02.14 09:42:02 LOG7[134236:132440]: SSL state (accept): SSLv3 write finished A
2012.02.14 09:42:02 LOG7[134236:132440]: SSL state (accept): SSLv3 flush data

stunnel server vs stunnel client : FAILED

server:

2012.02.14 09:45:24 LOG5[134236:134552]: Service unison accepted connection from 192.168.0.216:23752
2012.02.14 09:45:24 LOG7[134236:134552]: SSL state (accept): before/accept initialization
2012.02.14 09:45:24 LOG7[134236:134552]: SSL state (accept): SSLv3 read client hello B
2012.02.14 09:45:24 LOG7[134236:134552]: SSL state (accept): SSLv3 write server hello A
2012.02.14 09:45:24 LOG7[134236:134552]: SSL state (accept): SSLv3 write key exchange A
2012.02.14 09:45:24 LOG7[134236:134552]: SSL state (accept): SSLv3 write certificate request A
2012.02.14 09:45:24 LOG7[134236:134552]: SSL state (accept): SSLv3 flush data
2012.02.14 09:45:24 LOG7[134236:134552]: SSL alert (read): fatal: unexpected_message
2012.02.14 09:45:24 LOG3[134236:134552]: SSL_accept: 140943F2: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message
2012.02.14 09:45:24 LOG5[134236:134552]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2012.02.14 09:45:24 LOG7[134236:134552]: Service unison finished (0 left)

client:

2012.02.14 09:45:18 LOG5[1100:7176]: Service unison connected remote server from 192.168.0.216:23752
2012.02.14 09:45:18 LOG7[1100:7176]: Remote FD=452 initialized
2012.02.14 09:45:18 LOG7[1100:7176]: SSL state (connect): before/connect initialization
2012.02.14 09:45:18 LOG7[1100:7176]: SSL state (connect): SSLv3 write client hello A
2012.02.14 09:45:18 LOG7[1100:7176]: SSL state (connect): SSLv3 read server hello A
2012.02.14 09:45:18 LOG7[1100:7176]: SSL state (connect): SSLv3 read server key exchange A
2012.02.14 09:45:18 LOG7[1100:7176]: SSL alert (write): fatal: unexpected_message
2012.02.14 09:45:18 LOG3[1100:7176]: SSL_connect: 140870E8: error:140870E8:SSL routines:SSL3_GET_CERTIFICATE_REQUEST:tls client cert req with anon cipher
2012.02.14 09:45:18 LOG5[1100:7176]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket

Please, give me some clues.


Thank you,

Laszlo
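A log-analysis script added here as an illustration; it is not part of Laszlo's post and not stunnel's own code. It parses stunnel debug = 7 handshake traces of the form shown above and flags any connection in which a key exchange message appears without the server certificate message. In the working trace above the server logs "write certificate A" between "write server hello A" and "write key exchange A"; in the failing trace that line is absent, on both the server side ("write key exchange A" directly after "write server hello A") and the client side ("read server key exchange A" with no "read server certificate A"), which agrees with the client-side error "tls client cert req with anon cipher". The sample traces are abbreviated copies of the post's log lines, and the function names (`parse_trace`, `analyze`, `summarize`) are the example's own.

```python
"""Flag stunnel debug=7 handshake traces where a key exchange was logged
without a server certificate (a certificate-less, i.e. anonymous, suite)."""
import re
from typing import Dict, List

# Constructed samples: abbreviated copies of the log lines in the post above.
OK_SERVER = """\
2012.02.14 09:42:02 LOG7[134236:132440]: SSL state (accept): SSLv3 read client hello B
2012.02.14 09:42:02 LOG7[134236:132440]: SSL state (accept): SSLv3 write server hello A
2012.02.14 09:42:02 LOG7[134236:132440]: SSL state (accept): SSLv3 write certificate A
2012.02.14 09:42:02 LOG7[134236:132440]: SSL state (accept): SSLv3 write key exchange A
2012.02.14 09:42:02 LOG7[134236:132440]: SSL state (accept): SSLv3 write certificate request A
2012.02.14 09:42:02 LOG7[134236:132440]: SSL state (accept): SSLv3 flush data
"""
FAIL_SERVER = """\
2012.02.14 09:45:24 LOG7[134236:134552]: SSL state (accept): SSLv3 read client hello B
2012.02.14 09:45:24 LOG7[134236:134552]: SSL state (accept): SSLv3 write server hello A
2012.02.14 09:45:24 LOG7[134236:134552]: SSL state (accept): SSLv3 write key exchange A
2012.02.14 09:45:24 LOG7[134236:134552]: SSL state (accept): SSLv3 write certificate request A
2012.02.14 09:45:24 LOG7[134236:134552]: SSL alert (read): fatal: unexpected_message
2012.02.14 09:45:24 LOG3[134236:134552]: SSL_accept: 140943F2: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message
"""
FAIL_CLIENT = """\
2012.02.14 09:45:18 LOG7[1100:7176]: SSL state (connect): SSLv3 write client hello A
2012.02.14 09:45:18 LOG7[1100:7176]: SSL state (connect): SSLv3 read server hello A
2012.02.14 09:45:18 LOG7[1100:7176]: SSL state (connect): SSLv3 read server key exchange A
2012.02.14 09:45:18 LOG3[1100:7176]: SSL_connect: 140870E8: error:140870E8:SSL routines:SSL3_GET_CERTIFICATE_REQUEST:tls client cert req with anon cipher
"""

STATE_RE = re.compile(
    r"LOG7\[(?P<conn>[^\]]+)\]: SSL state \((?P<dir>accept|connect)\): SSLv3 (?P<msg>.+)$"
)
ERROR_RE = re.compile(r"LOG3\[(?P<conn>[^\]]+)\]: (?P<err>.+)$")

# Handshake message that proves a server certificate was on the wire, and the
# key exchange message, as each side logs them.
CERT_MSG = {"accept": "write certificate", "connect": "read server certificate"}
KEX_MSG = {"accept": "write key exchange", "connect": "read server key exchange"}


def _normalize(msg: str) -> str:
    # Strip OpenSSL's trailing sub-state letter so "write certificate A" and
    # "write certificate request A" compare as distinct, exact names.
    return re.sub(r" [AB]$", "", msg.strip())


def parse_trace(text: str) -> Dict[str, dict]:
    """Group handshake states and LOG3 errors by stunnel connection id."""
    conns: Dict[str, dict] = {}
    for line in text.splitlines():
        m = STATE_RE.search(line)
        if m:
            c = conns.setdefault(m["conn"], {"direction": m["dir"], "states": [], "errors": []})
            c["states"].append(_normalize(m["msg"]))
            continue
        e = ERROR_RE.search(line)
        if e:
            c = conns.setdefault(e["conn"], {"direction": None, "states": [], "errors": []})
            c["errors"].append(e["err"])
    return conns


def analyze(text: str) -> Dict[str, dict]:
    """Per connection: was a key exchange logged without a server certificate?"""
    report = {}
    for conn, c in parse_trace(text).items():
        direction = c["direction"] or "accept"
        cert_seen = CERT_MSG[direction] in c["states"]
        kex_seen = KEX_MSG[direction] in c["states"]
        report[conn] = {
            "direction": direction,
            "server_certificate_seen": cert_seen,
            "key_exchange_seen": kex_seen,
            # A ServerKeyExchange with no Certificate means the negotiated
            # suite authenticated nobody; a CertificateRequest on top of it
            # is exactly what the client rejects as "cert req with anon cipher".
            "anonymous_key_exchange_suspected": kex_seen and not cert_seen,
            "errors": list(c["errors"]),
        }
    return report


def summarize(text: str) -> List[str]:
    lines = []
    for conn, r in analyze(text).items():
        verdict = "SUSPECT: key exchange without server certificate" \
            if r["anonymous_key_exchange_suspected"] else "ok: server certificate seen"
        lines.append(f"{conn} ({r['direction']}): {verdict}; errors={len(r['errors'])}")
    return lines


if __name__ == "__main__":
    for sample in (OK_SERVER, FAIL_SERVER, FAIL_CLIENT):
        print("\n".join(summarize(sample)))
```

Run against a full debug = 7 log from each box, the script reports the connection ids where the certificate message is missing, so the comparison between the working and failing runs above can be made mechanically rather than by reading the traces line by line.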