At more or less 2008-01-09 18:09 +0100, khaled45@free.fr squalked:

; It's often easier to use CAfile CAfile = ca.pem cert = userkey.pem debug = 7 client = no [apache] accept = 4433 connect = 192.168.1.4:433

I'd suggest using the full path for your pem files above, just to be safe.

Can you shoot the public keys of the client (which is not on this machine) and the ca.pem and the public key from userkey.pem (which is actually the server's key - you may wish to rename.)

There are three pems involved:

* the CA key (private) and cert (public) in ca.pem * the stunnel server's key (private) and cert (public) in userkey.pem. ('userkey' is a bad name here.) * the client's key (private) and cert (public) on 192.168.1.5.

Can you send the public parts here so I can verify that they're signed by the appropritate folks?