I made some changes...
On 15 May 2009 at 12:40, stunnel-users@mirt.net (Gary Kuznitz docfxit@theoffice.la) commented about Re: [stunnel-users] Can't connect t:
Thank you for the reply...
On 15 May 2009 at 20:55, Michal (Michal Trojnara Michal.Trojnara@mobi-com.net) commented about Re: [stunnel-users] Can't connect to Yahoo POP3:
Gary Kuznitz wrote:
How can I get a god certificate for Stunnel to use?
How would I set that up in Stunnel?
You don't really need a certificate for an SSL client. Just disable it.
How can I disable it?
You rather want to setup server certificate verification with "CAfile"
and "verify".
I have un-commented:
CAfile = certs.pem
I commented out the above line.
Now I'm getting a new error. Here is the log:
2009.05.15 16:32:30 LOG7[16267607:16279139]: RAND_status claims sufficient
entropy for the PRNG
2009.05.15 16:32:30 LOG7[16267607:16279139]: PRNG seeded successfully
2009.05.15 16:32:31 LOG7[16267607:16279139]: Certificate: stunnel.pem
2009.05.15 16:32:31 LOG7[16267607:16279139]: Certificate loaded
2009.05.15 16:32:31 LOG7[16267607:16279139]: Key file: stunnel.pem
2009.05.15 16:32:31 LOG7[16267607:16279139]: Private key loaded
2009.05.15 16:32:31 LOG3[16267607:16279139]: Either CApath or CAfile has to be
used for authentication
2009.05.15 16:32:31 LOG3[16267607:16279139]: Server is down
verify = 2
That gave me an error:
2009.05.15 12:38:13 LOG3[16278859:16279139]: Error loading verify certificates
from certs.pem
2009.05.15 12:38:13 LOG3[16278859:16279139]: error stack: B084002 :
error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
2009.05.15 12:38:13 LOG3[16278859:16279139]: error stack: 2006D080 :
error:2006D080:BIO routines:BIO_new_file:no such file
2009.05.15 12:38:13 LOG3[16278859:16279139]: SSL_CTX_load_verify_locations:
2001002: error:02001002:system library:fopen:No such file or directory
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
IMHO it's not a good idea for non-interactive connections, e.g. pop3.
I will comment out both of the above.
[pop3_DslextremeGmail]
accept = 127.0.0.1:11010
connect = pop.gmail.com:995
delay = yes
[pop3_Yahoo]
accept = 127.0.0.1:11011
connect = pop.mail.yahoo.com:995
delay = yes
[cut]
2009.05.14 15:48:12 LOG7[16278859:16041803]: SSL context initialized
for service pop3_Docfxit_Yahoo
I guess you use a different configuration file, as pop3_Docfxit_Yahoo
is not defined in the one you sent.
I'm sorry. I'm really using [pop3_Yahoo]
After I make a change to the conf. file Do I have to re-boot the PC or is it
enough to exit out of Stunnel and launch it again?
Thank you,
Gary Kuznitz
Best regards,
Mike
_______________________________________________
stunnel-users mailing list
stunnel-users@mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users
Gary Kuznitz