Hello,
I have an existing stunnel installation with CApath. I tried to set up a new stunnel version, copied all certificates, and always had an error like
2014.07.16 09:50:36 LOG7[15937:0]: Starting certificate verification: depth=1, /C=DE/emailAddress=ssladmin@v.de
2014.07.16 09:50:36 LOG4[15937:0]: CERT: Verification error: self signed certificate in certificate chain
2014.07.16 09:50:36 LOG4[15937:0]: Certificate check failed: depth=1, /C=DE/emailAddress=ssladmin@v.de
2014.07.16 09:50:36 LOG7[15937:0]: SSL alert (write): fatal: bad certificate
2014.07.16 09:50:36 LOG3[15937:0]: SSL_accept: 140890B2: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
2014.07.16 09:50:36 LOG5[15937:0]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
I had a hard time finding out that CApath is not working anymore. As a test I put all certificates into one file and used CAfile, and immediately the connection was established.
Does somebody know why CApath is not working anymore? Tested with stunnel 5.02, 4.56, 4.55, 4.54
cheers, jordan
Hi Jordan,
OpenSSL (AFAIR between versions 0.9.8 and 1.0.0) has changed the format of file names produced with the c_rehash script. You need to c_rehash the directory during the update of OpenSSL.
Mike
On 16 July 2014 16:11:36 CEST, Jordan Paschalidis jordan.paschalidis@xcom.de wrote:
stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
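The check implied by the reply above, as an added example that is not part of the original thread and not code from stunnel or OpenSSL: for each certificate in a CApath directory it reports whether a hash link in the format expected by the chosen OpenSSL build exists, or only one in the pre-1.0.0 format. The OPENSSL variable, the function names and the *.pem / *.crt naming are assumptions; -subject_hash_old requires OpenSSL 1.0.0 or later.

```sh
#!/bin/sh
# Added example: audit a CApath directory against one OpenSSL build.
# OPENSSL (assumed variable) selects the binary, e.g. a separately
# installed one; it defaults to the first "openssl" on PATH.
OPENSSL="${OPENSSL:-openssl}"

# cert_hash FILE OPTION: print the hash the certificate is looked up by.
# -subject_hash is the current format, -subject_hash_old the pre-1.0.0 one.
cert_hash() {
    "$OPENSSL" x509 -noout "$2" -in "$1" 2>/dev/null
}

# has_link DIR HASH FILE: true if some DIR/HASH.<n> has FILE's content.
has_link() {
    for link in "$1/$2".[0-9]*; do
        [ -e "$link" ] && cmp -s "$link" "$3" && return 0
    done
    return 1
}

# audit_capath DIR: classify each *.pem / *.crt; return 1 if any needs rehash.
audit_capath() {
    dir=$1
    bad=0
    for cert in "$dir"/*.pem "$dir"/*.crt; do
        [ -f "$cert" ] || continue
        new=$(cert_hash "$cert" -subject_hash) || continue
        old=$(cert_hash "$cert" -subject_hash_old) || old=""
        if has_link "$dir" "$new" "$cert"; then
            echo "ok      $new  ${cert##*/}"
        elif [ -n "$old" ] && has_link "$dir" "$old" "$cert"; then
            echo "stale   $old  ${cert##*/}  (old-format link only)"
            bad=1
        else
            echo "missing $new  ${cert##*/}  (no hash link)"
            bad=1
        fi
    done
    return "$bad"
}

# Stand-alone use: sh audit_capath.sh /path/to/CApath
if [ "$#" -gt 0 ]; then
    audit_capath "$1"
fi
```

A "stale" or "missing" line means the directory needs c_rehash run with the same OpenSSL build that stunnel loads.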
Hello Michal,
Yes, you are right. I read this sentence a couple of times but I could not relate it to my problem.
I have a CentOS 6 installation and wanted a separate OpenSSL. I installed stunnel and modified the init script to contain
SSLPREFIX=/usr/local/openssl
LD_LIBRARY_PATH=$SSLPREFIX/lib:$LD_LIBRARY_PATH
export LD_LIBRARY_PATH
But I didn't realise that this was also needed for c_rehash.
Thanks a lot.
cheers, jordan
-------- Original Message --------
Subject: Re: [stunnel-users] CApath not working anymore
From: Michal Trojnara Michal.Trojnara@mirt.net
To: stunnel-users@stunnel.org
Date: 16.07.2014 18:49