I have downloaded the remote certificates, and configured stunnel:
client = no
accept = 127.0.0.1:9400
connect = 192.111.85.171:9400
cert = C:\Certificates\gain-futures-chain.pem
verifyChain = yes
verifyPeer = yes
checkHost = 192.111.85.171
checkIP = api.gainfutures.com
sslVersion = TLSv1.1
options = NO_SSLv2
options = NO_SSLv3
OCSPaia = yes
This results in the failure to initialize the tLS context:
2024.07.15 08:40:50 LOG7[service]: Found 1 ready file descriptor(s)
2024.07.15 08:40:50 LOG7[service]: FD=580 ifds=r-x ofds=r--
2024.07.15 08:40:50 LOG7[service]: FD=640 ifds=r-x ofds=---
2024.07.15 08:40:50 LOG7[service]: Dispatching a signal from the signal pipe
2024.07.15 08:40:50 LOG7[service]: Processing SIGNAL_RELOAD_CONFIG
2024.07.15 08:40:50 LOG6[service]: Initializing inetd mode configuration
2024.07.15 08:40:50 LOG7[service]: Running on Windows 6.2
2024.07.15 08:40:50 LOG5[service]: Reading configuration from file C:\Program Files (x86)\stunnel\config\stunnel.conf
2024.07.15 08:40:50 LOG5[service]: UTF-8 byte order mark not detected
2024.07.15 08:40:50 LOG5[service]: FIPS mode disabled
2024.07.15 08:40:50 LOG6[service]: Compression disabled
2024.07.15 08:40:50 LOG7[service]: No PRNG seeding was required
2024.07.15 08:40:50 LOG6[service]: Initializing service [GainFuturesConnect]
2024.07.15 08:40:50 LOG7[service]: Initializing context [GainFuturesConnect]
2024.07.15 08:40:50 LOG6[service]: OpenSSL security level is used: 2
2024.07.15 08:40:50 LOG7[service]: Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
2024.07.15 08:40:50 LOG7[service]: TLSv1.3 ciphersuites: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
2024.07.15 08:40:50 LOG7[service]: TLS options: 0x2100000 (+0x2000000, -0x0)
2024.07.15 08:40:50 LOG6[service]: Session resumption enabled
2024.07.15 08:40:50 LOG6[service]: Loading certificate from file: C:\Certificates\gain-futures-chain.pem
2024.07.15 08:40:50 LOG3[service]: error queue: ssl/ssl_rsa.c:472: error:0A080002:SSL routines::system lib
2024.07.15 08:40:50 LOG3[service]: error queue: crypto/bio/bss_file.c:300: error:10080002:BIO routines::system lib
2024.07.15 08:40:50 LOG3[service]: SSL_CTX_use_certificate_chain_file: crypto/bio/bss_file.c:297: error:80000002:system library::No such file or directory
2024.07.15 08:40:50 LOG3[service]: Service [GainFuturesConnect]: Failed to initialize TLS context
2024.07.15 08:40:50 LOG3[service]: Configuration failed
2024.07.15 08:40:50 LOG7[service]: Deallocating temporary section defaults
2024.07.15 08:40:50 LOG7[service]: Cleaning up context [(null)]
2024.07.15 08:40:50 LOG7[service]: Deallocating section [GainFuturesConnect]
2024.07.15 08:40:50 LOG7[service]: Cleaning up context [GainFuturesConnect]
2024.07.15 08:40:50 LOG3[service]: Failed to reload the configuration file
This is the best I can gather regarding getting verification of the REMOTE certificate. The problem is that I am unable to connect if I cannot verify their certificate - they are not looking at my certificate.
Any help would be appreciated.
Thank you!
-William Wood