I have downloaded the remote certificates, and configured stunnel:
client = no accept = 127.0.0.1:9400 connect = 192.111.85.171:9400 cert = C:\Certificates\gain-futures-chain.pem verifyChain = yes verifyPeer = yes checkHost = 192.111.85.171 checkIP = api.gainfutures.com sslVersion = TLSv1.1 options = NO_SSLv2 options = NO_SSLv3 OCSPaia = yes
This results in the failure to initialize the tLS context:
2024.07.15 08:40:50 LOG7[service]: Found 1 ready file descriptor(s) 2024.07.15 08:40:50 LOG7[service]: FD=580 ifds=r-x ofds=r-- 2024.07.15 08:40:50 LOG7[service]: FD=640 ifds=r-x ofds=--- 2024.07.15 08:40:50 LOG7[service]: Dispatching a signal from the signal pipe 2024.07.15 08:40:50 LOG7[service]: Processing SIGNAL_RELOAD_CONFIG 2024.07.15 08:40:50 LOG6[service]: Initializing inetd mode configuration 2024.07.15 08:40:50 LOG7[service]: Running on Windows 6.2 2024.07.15 08:40:50 LOG5[service]: Reading configuration from file C:\Program Files (x86)\stunnel\config\stunnel.conf 2024.07.15 08:40:50 LOG5[service]: UTF-8 byte order mark not detected 2024.07.15 08:40:50 LOG5[service]: FIPS mode disabled 2024.07.15 08:40:50 LOG6[service]: Compression disabled 2024.07.15 08:40:50 LOG7[service]: No PRNG seeding was required 2024.07.15 08:40:50 LOG6[service]: Initializing service [GainFuturesConnect] 2024.07.15 08:40:50 LOG7[service]: Initializing context [GainFuturesConnect] 2024.07.15 08:40:50 LOG6[service]: OpenSSL security level is used: 2 2024.07.15 08:40:50 LOG7[service]: Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK 2024.07.15 08:40:50 LOG7[service]: TLSv1.3 ciphersuites: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256 2024.07.15 08:40:50 LOG7[service]: TLS options: 0x2100000 (+0x2000000, -0x0) 2024.07.15 08:40:50 LOG6[service]: Session resumption enabled 2024.07.15 08:40:50 LOG6[service]: Loading certificate from file: C:\Certificates\gain-futures-chain.pem 2024.07.15 08:40:50 LOG3[service]: error queue: ssl/ssl_rsa.c:472: error:0A080002:SSL routines::system lib 2024.07.15 08:40:50 LOG3[service]: error queue: crypto/bio/bss_file.c:300: error:10080002:BIO routines::system lib 2024.07.15 08:40:50 LOG3[service]: SSL_CTX_use_certificate_chain_file: crypto/bio/bss_file.c:297: error:80000002:system library::No such file or directory 2024.07.15 08:40:50 LOG3[service]: Service [GainFuturesConnect]: Failed to initialize TLS context 2024.07.15 08:40:50 LOG3[service]: Configuration failed 2024.07.15 08:40:50 LOG7[service]: Deallocating temporary section defaults 2024.07.15 08:40:50 LOG7[service]: Cleaning up context [(null)] 2024.07.15 08:40:50 LOG7[service]: Deallocating section [GainFuturesConnect] 2024.07.15 08:40:50 LOG7[service]: Cleaning up context [GainFuturesConnect] 2024.07.15 08:40:50 LOG3[service]: Failed to reload the configuration file
This is the best I can gather regarding getting verification of the REMOTE certificate. The problem is that I am unable to connect if I cannot verify their certificate - they are not looking at my certificate. Any help would be appreciated. Thank you! -William Wood