Hi,
As I understand it, Stunnel does not currently support the validation of certificate passphrases. For example, to make a connection from the client to the server, no passphrase is requested when a certificate is selected.
Are there any plans for this feature to be added to Stunnel?
Regards, PP
__________________________________ Do you Yahoo!? Make Yahoo! your home page http://www.yahoo.com/r/hs
Sorry, what I am referring to here is actually the passphrase for the private keys, and how Stunnel does not support encrypted private keys.
PP
--- Peter Pentes colemanboy@yahoo.com wrote:
Hi,
As I understand it, Stunnel does not currently support the validation of certificate passphrases. For example, to make a connection from the client to the server, no passphrase is requested when a certificate is selected.
Are there any plans for this feature to be added to Stunnel?
Regards, PP
__________________________________ Do you Yahoo!? Make Yahoo! your home page http://www.yahoo.com/r/hs _______________________________________________ stunnel-users mailing list stunnel-users@mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users
____________________________________________________ Yahoo! Sports Rekindle the Rivalries. Sign up for Fantasy Football http://football.fantasysports.yahoo.com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, Jun 21, 2005 at 10:29:37PM -0700, Peter Pentes wrote:
Sorry, what I am referring to here is actually the passphrase for the private keys, and how Stunnel does not support encrypted private keys.
This would be useless. How do you expect the passphrase for the encrypted private key to be obtained at stunnel startup?
Perhaps a passphrase prompt/dialog?
Of course this would be a problem if you plan on starting Stunnel automatically...
PP
--- Vasil Dimov vd@datamax.bg wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, Jun 21, 2005 at 10:29:37PM -0700, Peter Pentes wrote:
Sorry, what I am referring to here is actually the passphrase for the private keys, and how Stunnel
does
not support encrypted private keys.
This would be useless. How do you expect the passphrase for the encrypted private key to be obtained at stunnel startup? -----BEGIN PGP SIGNATURE-----
iD8DBQFCuVWwFw6SP/bBpCARAkH2AJ44yyFUU2UMIqBupyCqPyGSg6eeJACgwKXS
ZK8BT8QM7XXz14U9BswZ1M0= =FDLb -----END PGP SIGNATURE-----
____________________________________________________ Yahoo! Sports Rekindle the Rivalries. Sign up for Fantasy Football http://football.fantasysports.yahoo.com
Hi,
Peter Pentes wrote:
Sorry, what I am referring to here is actually the passphrase for the private keys, and how Stunnel does not support encrypted private keys.
Sorry to interrupt only this late in the thread *but* what gave you the impression stunnel does not support encrypted private keys? AFAIK it works on both the unix platform (has done for many years) and since a couple of years it also supports it on the Windows platform (I should know as I have sponsored the latter into stunnel *and* we've been using it for many years now.
Or perhaps I'm not understanding your question/problem correctly?
Jan
On Mon, Jun 27, 2005 at 03:33:33PM +0200, Jan Meijer wrote:
Hi,
Peter Pentes wrote:
Sorry, what I am referring to here is actually the passphrase for the private keys, and how Stunnel does not support encrypted private keys.
Sorry to interrupt only this late in the thread *but* what gave you the impression stunnel does not support encrypted private keys? AFAIK it works on both the unix platform (has done for many years) and since a couple of years it also supports it on the Windows platform (I should know as I have sponsored the latter into stunnel *and* we've been using it for many years now.
Or perhaps I'm not understanding your question/problem correctly?
Jan
Oh,
% stunnel stunnel.conf 2005.06.27 16:50:37 LOG5[97316:134639616]: stunnel 4.10 on i386-unknown-freebsd5.4 PTHREAD+POLL+IPv4+LIBWRAP with OpenSSL 0.9.7e 25 Oct 2004 Enter PEM pass phrase:
It seems that stunnel supports encrypted private keys ;-) This really makes me laugh when I look at the size of this thread :-)
-
Jan Meijer -
Peter Pentes -
Vasil Dimov