Hi, I tried to use stunnel to connect over SSL to an LDAP server. But I can't, and I've got this error message: certificate unknown. The certificate is self-signed. If I use stunnel to establish a connection with an IMAPS server that also has a self-signed certificate, all is right, but not for the LDAP connection. I searched the list's archives and Google but I can't find any solution... Help!!!
Ludo
PS: these are the stunnel.conf and the log:

***************************
cert = stunnel.pem

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Some debugging stuff useful for troubleshooting
debug = 7
;output = stunnel.log

; Use it for client mode
client = yes

; Service-level configuration
[ldaps]
accept = 389
connect = 10.0.0.1:636
verify = 0

[imaps]
accept = 143
connect = 10.0.0.2:993
***************************
2006.05.03 07:52:50 LOG7[4436:5780]: ldaps connecting 10.0.0.1:636
2006.05.03 07:52:50 LOG7[4436:5780]: connect_wait: waiting 10 seconds
2006.05.03 07:52:50 LOG7[4436:5780]: connect_wait: connected
2006.05.03 07:52:50 LOG7[4436:5780]: Remote FD=244 initialized
2006.05.03 07:52:50 LOG7[4436:5780]: TCP_NODELAY option set on remote socket
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): before/connect initialization
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 write client hello A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 read server hello A
2006.05.03 07:52:50 LOG5[4436:5780]: VERIFY IGNORE: depth=1, /C=FR/ST=Savoie/L=Chambery/O=Universite de Savoie/OU=DSI/CN=DSI CA/emailAddress=admin@univ-savoie.fr
2006.05.03 07:52:50 LOG5[4436:5780]: VERIFY IGNORE: depth=1, /C=FR/ST=Savoie/L=Chambery/O=Universite de Savoie/OU=DSI/CN=DSI CA/emailAddress=admin@univ-savoie.fr
2006.05.03 07:52:50 LOG5[4436:5780]: VERIFY IGNORE: depth=1, /C=FR/ST=Savoie/L=Chambery/O=Universite de Savoie/OU=DSI/CN=DSI CA/emailAddress=admin@univ-savoie.fr
2006.05.03 07:52:50 LOG5[4436:5780]: VERIFY IGNORE: depth=0, /C=FR/ST=Savoie/L=Chambery/O=Universite de Savoie/OU=DSI/CN=ldap-bourget.univ-savoie.fr
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 read server certificate A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 read server certificate request A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 read server done A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 write client certificate A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 write client key exchange A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 write certificate verify A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 write change cipher spec A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 write finished A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 flush data
2006.05.03 07:52:50 LOG7[4436:5780]: SSL alert (read): fatal: certificate unknown
2006.05.03 07:52:50 LOG3[4436:5780]: SSL_connect: 14094416: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
2006.05.03 07:52:50 LOG5[4436:5780]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2006.05.03 07:52:50 LOG7[4436:5780]: ldaps finished (0 left)