Hi,
I am trying to configure one of my clients to use 'engine = capi', but cannot find a way to define which Key to actually use.
debug = 7 does not show engine internal actions and engineCtrl = CAPI_CMD_DEBUG_LEVEL:2 gives an error, as well as engineCtrl = DEBUG_LEVEL:2
I'de appreciate any help with configuring this.
Thanks in advance, Shay
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 18.02.2016 10:26, Shay Cohen wrote:
I am trying to configure one of my clients to use 'engine = capi', but cannot find a way to define which Key to actually use.
With the CAPI engine you don't need to manually select the client key to use. The client key is automatically selected based on the list of CAs trusted by the server.
Best regards, Mike
Thank you Michal, But in this case it does not get the certificate (for some reason).
#Working configuration (based on certificate-file) : debug = 7 cert = c:\test1.pem CAfile = c:\cacert.pem verify = 2 options = NO_TLSv1.1 [test] engineId = capi client = yes accept = 0.0.0.0:9001 connect = 1.2.3.4:9000
#Not-Working configuration (based on CAPI; c:\test1.pem is imported under Personal\Certificates): debug = 7 engine = capi engineCtrl = debug_level:2 engineCtrl = debug_file:c:\keys\capi.txt engineCtrl = store_name:Personal CAfile = c:\cacert.pem verify = 2 options = NO_TLSv1.1 [test] engineId = capi client = yes accept = 0.0.0.0:9001 connect = 1.2.3.4:9000
#Content of capi.txt Setting debug file to c:\keys\capi.txt Setting store name to Personal Opening certificate store MY
On Thu, Feb 18, 2016 at 11:38 AM, Michal Trojnara < Michal.Trojnara@stunnel.org> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 18.02.2016 10:26, Shay Cohen wrote:
I am trying to configure one of my clients to use 'engine = capi', but cannot find a way to define which Key to actually use.
With the CAPI engine you don't need to manually select the client key to use. The client key is automatically selected based on the list of CAs trusted by the server.
Best regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCAAGBQJWxZEOAAoJEC78f/DUFuAUJ7YP/A7fzgmI8dKdKlb0jm2olbjS PxtUaPSwog6M8uNMXV88dyvJAaDn+KrxHPXXWzw6z+0bca+Cj4ddrn32mc5eJIfC 0QCXR/0uId5C6xLgOgq/3fW/MFkLRCLrHqVgm/Wzp3CRLUAB1D3HWOyFK3JezegN nAbULf03UFaBJjj3xI9YHBJonJu+emwQI00sNvmTVc26lq1hVwAISlvDAEvWwyPy zhT+j2ao0d2+jYln93Klxl85PbF+ybacewODRsZVdrnJN6YoxRrhRmhMTnzHBUCo u5oAGfyg77sBsivBS4M6NLik62off+Lkvlj0TzkjnDewHBcm67nigOdiVa3Lx6c6 Nzhdk2fFiqf4mGN50gsITOoyqPNkfWSdjFeyWAOFU1DMILFn0Um8FVg2fd05LqPN XBg7UVj8Jt4r8dCZvVQCNMAhEb7xfHlDdo63J7qzQF9bq6hpMvsDWx1dUyGA1Nvb 49ii4ScLNlHQ0Lh6e/4Lc2z+XuOr1gZyuRYfAfpkcd3g3mjPWblAYhqAkTUpqPT3 qiDM6ub9qhFNzoebuXPVi7zjPHibnRM5SHJDJAR5zMyyOv4IdvroUY5Z8TY1MAp6 lIuD8dHzkI7prTRTNiFxPdmWtBUGWLsO1fceHGxvEeRo5kVGZ2HL24g8yNefslXX CCXEp0B0O5wFFldy2gYk =fcHM -----END PGP SIGNATURE----- _______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-
Michal Trojnara -
Shay Cohen