I made some changes...
On 15 May 2009 at 12:40, stunnel-users@mirt.net (Gary Kuznitz docfxit@theoffice.la) commented about Re: [stunnel-users] Can't connect t:
Thank you for the reply...
On 15 May 2009 at 20:55, Michal (Michal Trojnara Michal.Trojnara@mobi-com.net) commented about Re: [stunnel-users] Can't connect to Yahoo POP3:
Gary Kuznitz wrote:
How can I get a good certificate for Stunnel to use? How would I set that up in Stunnel?
You don't really need a certificate for an SSL client. Just disable it.
How can I disable it?
You rather want to set up server certificate verification with "CAfile" and "verify".
I have un-commented: CAfile = certs.pem
I commented out the above line. Now I'm getting a new error. Here is the log:
2009.05.15 16:32:30 LOG7[16267607:16279139]: RAND_status claims sufficient entropy for the PRNG
2009.05.15 16:32:30 LOG7[16267607:16279139]: PRNG seeded successfully
2009.05.15 16:32:31 LOG7[16267607:16279139]: Certificate: stunnel.pem
2009.05.15 16:32:31 LOG7[16267607:16279139]: Certificate loaded
2009.05.15 16:32:31 LOG7[16267607:16279139]: Key file: stunnel.pem
2009.05.15 16:32:31 LOG7[16267607:16279139]: Private key loaded
2009.05.15 16:32:31 LOG3[16267607:16279139]: Either CApath or CAfile has to be used for authentication
2009.05.15 16:32:31 LOG3[16267607:16279139]: Server is down
verify = 2
That gave me an error:
2009.05.15 12:38:13 LOG3[16278859:16279139]: Error loading verify certificates from certs.pem
2009.05.15 12:38:13 LOG3[16278859:16279139]: error stack: B084002 : error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
2009.05.15 12:38:13 LOG3[16278859:16279139]: error stack: 2006D080 : error:2006D080:BIO routines:BIO_new_file:no such file
2009.05.15 12:38:13 LOG3[16278859:16279139]: SSL_CTX_load_verify_locations: 2001002: error:02001002:system library:fopen:No such file or directory
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
IMHO it's not a good idea for non-interactive connections, e.g. pop3.
I will comment out both of the above.
[pop3_DslextremeGmail]
accept = 127.0.0.1:11010
connect = pop.gmail.com:995
delay = yes
[pop3_Yahoo]
accept = 127.0.0.1:11011
connect = pop.mail.yahoo.com:995
delay = yes
[cut]
2009.05.14 15:48:12 LOG7[16278859:16041803]: SSL context initialized for service pop3_Docfxit_Yahoo
I guess you use a different configuration file, as pop3_Docfxit_Yahoo is not defined in the one you sent.
I'm sorry. I'm really using [pop3_Yahoo]
After I make a change to the conf. file, do I have to re-boot the PC or is it enough to exit out of Stunnel and launch it again?
Thank you,
Gary Kuznitz
Best regards,
Mike
_______________________________________________
stunnel-users mailing list
stunnel-users@mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users
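
An added example, not part of the original thread and not stunnel's own code: a small pre-flight check for the two failures logged above ("Either CApath or CAfile has to be used for authentication" and the missing certs.pem), plus the case where a client service does no verification at all. The function names and the sample configuration are constructed for illustration, and the checker assumes that an absent "verify" means no verification and that options set before the first [service] act as defaults.

```python
import os

# Constructed sample modelled on the thread's client configuration.
SAMPLE_CONF = """\
client = yes
; CAfile = certs.pem
verify = 2

[pop3_Yahoo]
accept = 127.0.0.1:11011
connect = pop.mail.yahoo.com:995
"""

def parse_stunnel_conf(text):
    """Return (global options, {service: options}); a later duplicate key wins."""
    global_opts, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
            continue
        key, sep, value = line.partition("=")
        if sep:                                   # keys lower-cased for lookup
            target = global_opts if current is None else current
            target[key.strip().lower()] = value.strip()
    return global_opts, services

def check_verification(text, base_dir="."):
    """List (service, problem) pairs that prevent peer verification."""
    global_opts, services = parse_stunnel_conf(text)
    problems = []
    for name, opts in services.items():
        eff = {**global_opts, **opts}             # service overrides global
        level = int(eff.get("verify", "0"))
        ca_file, ca_path = eff.get("cafile"), eff.get("capath")
        if level == 0 and eff.get("client", "no") == "yes":
            problems.append((name, "server certificate is not verified"))
        if level > 0 and not (ca_file or ca_path):
            problems.append((name, "verify set without CAfile or CApath"))
        if ca_file and not os.path.isfile(os.path.join(base_dir, ca_file)):
            problems.append((name, "CAfile not found: " + ca_file))
    return problems

if __name__ == "__main__":
    for service, problem in check_verification(SAMPLE_CONF):
        print(service + ": " + problem)
```

Pass the directory that relative CAfile paths are resolved against as base_dir; an empty result means every service has a verify level and a CA source that exists on disk.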