I am trying to use stunnel to act as a forwarder to GMail.
My config file looks like:

client = yes

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

[gmail]
accept = 25
connect = smtp.gmail.com:465
;CAfile = peer-gmail.pem
;verify = 3

I saved the peer certificate and when I attempt to send mail, the log looks like this:

2012.05.08 16:01:35 LOG5[31036:19408]: Service [gmail] connected remote server from 192.168.1.9:42580
2012.05.08 16:01:35 LOG4[31036:19408]: CERT: Verification error: unable to get local issuer certificate
2012.05.08 16:01:35 LOG4[31036:19408]: Certificate check failed: depth=1, /C=US/O=Google Inc/CN=Google Internet Authority
2012.05.08 16:01:35 LOG3[31036:19408]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2012.05.08 16:01:35 LOG5[31036:19408]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2012.05.08 16:02:35 LOG5[31036:34312]: Service [gmail] accepted connection from 192.168.1.10:49303
2012.05.08 16:02:35 LOG5[31036:34312]: connect_blocking: connected 173.194.79.108:465
2012.05.08 16:02:35 LOG5[31036:34312]: Service [gmail] connected remote server from 192.168.1.9:42619
2012.05.08 16:02:36 LOG4[31036:34312]: CERT: Verification error: unable to get local issuer certificate
2012.05.08 16:02:36 LOG4[31036:34312]: Certificate check failed: depth=1, /C=US/O=Google Inc/CN=Google Internet Authority
2012.05.08 16:02:36 LOG3[31036:34312]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2012.05.08 16:02:36 LOG5[31036:34312]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket

Please tell me what I'm doing wrong so I can fix it.
Van Brown
Try verify = 4 and see if that works for you.
From the manual:
level 4 Ignore CA chain and only verify peer certificate.
Regards,
Thomas
On 5/8/2012 5:35 PM, Van Brown wrote:
> I am trying to use stunnel to act as a forwarder to GMail.
> My config file looks like:
>
> client = yes
>
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
>
> [gmail]
> accept = 25
> connect = smtp.gmail.com:465
> ;CAfile = peer-gmail.pem
> ;verify = 3
>
> I saved the peer certificate and when I attempt to send mail, the log looks like this:
>
> 2012.05.08 16:01:35 LOG5[31036:19408]: Service [gmail] connected remote server from 192.168.1.9:42580
> 2012.05.08 16:01:35 LOG4[31036:19408]: CERT: Verification error: unable to get local issuer certificate
> 2012.05.08 16:01:35 LOG4[31036:19408]: Certificate check failed: depth=1, /C=US/O=Google Inc/CN=Google Internet Authority
> 2012.05.08 16:01:35 LOG3[31036:19408]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> 2012.05.08 16:01:35 LOG5[31036:19408]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
> 2012.05.08 16:02:35 LOG5[31036:34312]: Service [gmail] accepted connection from 192.168.1.10:49303
> 2012.05.08 16:02:35 LOG5[31036:34312]: connect_blocking: connected 173.194.79.108:465
> 2012.05.08 16:02:35 LOG5[31036:34312]: Service [gmail] connected remote server from 192.168.1.9:42619
> 2012.05.08 16:02:36 LOG4[31036:34312]: CERT: Verification error: unable to get local issuer certificate
> 2012.05.08 16:02:36 LOG4[31036:34312]: Certificate check failed: depth=1, /C=US/O=Google Inc/CN=Google Internet Authority
> 2012.05.08 16:02:36 LOG3[31036:34312]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> 2012.05.08 16:02:36 LOG5[31036:34312]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
>
> Please tell me what I'm doing wrong so I can fix it.
> Van Brown
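
An added example, not part of the original thread and not stunnel's own code: a short Python triage of the stunnel log lines from the post. It shows that the verification failure is reported at depth=1, the issuing CA, rather than at the peer certificate (depth 0), which is the part of the check the manual says level 4 ignores. The function name `triage` and the regular expressions are assumptions derived from the log format shown in the post.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (second connection attempt).
SAMPLE_LOG = """\
2012.05.08 16:02:35 LOG5[31036:34312]: Service [gmail] accepted connection from 192.168.1.10:49303
2012.05.08 16:02:36 LOG4[31036:34312]: CERT: Verification error: unable to get local issuer certificate
2012.05.08 16:02:36 LOG4[31036:34312]: Certificate check failed: depth=1, /C=US/O=Google Inc/CN=Google Internet Authority
2012.05.08 16:02:36 LOG3[31036:34312]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
"""

# Patterns below are assumptions based on the line format visible in the post.
LINE = re.compile(r"^(\S+ \S+) LOG(\d)\[(\d+:\d+)\]: (.*)$")
VERIFY_ERR = re.compile(r"^CERT: Verification error: (.+)$")
CHECK_FAIL = re.compile(r"^Certificate check failed: depth=(\d+), (.+)$")
SERVICE = re.compile(r"^Service \[([^\]]+)\]")

def triage(log_text):
    """Group entries by [pid:thread] and return one finding per failed check."""
    conns = defaultdict(dict)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # tolerate blank or unrelated lines
        _ts, _level, conn_id, msg = m.groups()
        c = conns[conn_id]
        if (s := SERVICE.match(msg)):
            c["service"] = s.group(1)
        elif (e := VERIFY_ERR.match(msg)):
            c["error"] = e.group(1)
        elif (f := CHECK_FAIL.match(msg)):
            c["depth"], c["subject"] = int(f.group(1)), f.group(2)
    findings = []
    for conn_id, c in conns.items():
        if "depth" not in c:
            continue  # no certificate check failure on this connection
        # Depth 0 is the peer (leaf) certificate; depth >= 1 is a CA above it.
        c["where"] = "leaf" if c["depth"] == 0 else "issuer chain"
        c["conn"] = conn_id
        findings.append(c)
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
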