In Cygwin I have the following errors:

$ openssl req -new -x509 -days 365 -nodes -config /etc/stunnel/stunnel.conf -out stunnel.pem -keyout stunnel.pem
Generating a 512 bit RSA private key
..++++++++++++
.....++++++++++++
writing new private key to 'stunnel.pem'
unable to find 'distinguished_name' in config
problems making Certificate Request
1988:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=req name=distinguished_name

$ /usr/bin/stunnel.exe
2007.05.13 22:37:12 LOG4[2188:6422536]: Wrong permissions on /etc/stunnel/mail.pem
2007.05.13 22:37:12 LOG3[2188:6422536]: Error reading certificate file: /etc/stunnel/stunnel.pem
2007.05.13 22:37:12 LOG3[2188:6422536]: error stack: 140DC009 : error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
2007.05.13 22:37:12 LOG3[2188:6422536]: SSL_CTX_use_certificate_chain_file: 906D06C: error:0906D06C:PEM routines:PEM_read_bio:no start line

And I ran all of it as Administrator.
Can you please post your /etc/stunnel/stunnel.conf, and also the results of 'ls -al /etc/stunnel'.

Thanks,
Andrew.
$ ls -al /etc/stunnel/
total 6
drwx------+  2 FC1           Users      0 May 13 22:37 .
drwx------+ 11 FC1           Users      0 May 13 21:56 ..
lrwxrwxrwx   1 Administrator Nessuno   11 May 13 22:37 mail.pem -> stunnel.pem
-rwx------   1 Administrator Nessuno 1578 May 13 22:36 stunnel.conf
-rwx------+  1 FC1           Users   1533 May 13 22:13 stunnel.conf-sample
-rw-r--r--   1 Administrator Nessuno  497 May 13 22:36 stunnel.pem

$ cat /etc/stunnel/stunnel.conf
#; Sample stunnel configuration file by Michal Trojnara 2002-2006
#; Some options used here may not be adequate for your particular configuration
#; Please make sure you understand them (especially the effect of chroot jail)

#; Certificate/key is needed in server mode and optional in client mode
#;cert = /etc/stunnel/mail.pem
key = /etc/stunnel/mail.pem

#; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3

#; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel/
setuid = nobody
setgid = nobody
#; PID is created inside chroot jail
pid = /stunnel.pid

#; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
#;compression = rle

#; Workaround for Eudora bug
#;options = DONT_INSERT_EMPTY_FRAGMENTS

#; Authentication stuff
#;verify = 2
#; Don't forget to c_rehash CApath
#; CApath is located inside chroot jail
#;CApath = /certs
#; It's often easier to use CAfile
#;CAfile = /etc/stunnel/certs.pem
#; Don't forget to c_rehash CRLpath
#; CRLpath is located inside chroot jail
#;CRLpath = /crls
#; Alternatively you can use CRLfile
#;CRLfile = /etc/stunnel/crls.pem

#; Some debugging stuff useful for troubleshooting
#;debug = 7
#;output = stunnel.log

#; Use it for client mode
#;client = yes

#; Service-level configuration

#;[pop3s]
#;accept = 995
#;connect = 110

#;[imaps]
#;accept = 993
#;connect = 143

#;[ssmtp]
#;accept = 465
#;connect = 25

#;[https]
##;accept = 443
#;connect = 80
#;TIMEOUTclose = 0

#; vim:ft=dosini

[vnc]
accept = 127.0.0.1:5500
connect = 192.168.1.107:443
Now that I have posted the config file... do I need to post something else?
GNUtoo@no-log.org wrote:
2007.05.13 22:37:12 LOG4[2188:6422536]: Wrong permissions on /etc/stunnel/mail.pem
That's your error right there...
$ ls -al /etc/stunnel/
total 6
drwx------+  2 FC1           Users      0 May 13 22:37 .
drwx------+ 11 FC1           Users      0 May 13 21:56 ..
lrwxrwxrwx   1 Administrator Nessuno   11 May 13 22:37 mail.pem -> stunnel.pem
-rwx------   1 Administrator Nessuno 1578 May 13 22:36 stunnel.conf
-rwx------+  1 FC1           Users   1533 May 13 22:13 stunnel.conf-sample
-rw-r--r--   1 Administrator Nessuno  497 May 13 22:36 stunnel.pem
stunnel requires the private key to be private, so stunnel.pem needs to be 600
Y.
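
Added example (not part of the original thread and not stunnel's own code): a shell check for the two conditions visible in the logs above, that the key file has no group/other access and that the PEM file holds a certificate as well as a key, which it will not if `openssl req` stopped after writing the key. The function name `check_stunnel_pem` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# check_stunnel_pem is a hypothetical helper, not part of stunnel.
# Returns the number of problems found (0 = file looks usable).

check_stunnel_pem() {
    pem=$1
    problems=0

    if [ ! -r "$pem" ]; then
        echo "FAIL: $pem is missing or unreadable"
        return 1
    fi

    # -L follows symlinks (mail.pem -> stunnel.pem in the thread), so the
    # mode reported is that of the real file. Characters 5-10 of the mode
    # string are the group and other permission bits.
    mode=$(ls -ldL "$pem" | cut -c1-10)
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $pem is $mode; remove group/other access (chmod 600)"
        problems=$((problems + 1))
    fi

    if ! grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem"; then
        echo "FAIL: $pem has no private key block"
        problems=$((problems + 1))
    fi

    # A file holding only the key makes the certificate loader fail
    # with "PEM_read_bio:no start line".
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$pem"; then
        echo "FAIL: $pem has no certificate block"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ] && echo "OK: $pem"
    return "$problems"
}

# Constructed sample: a key-only, world-readable file (placeholder body).
demo=$(mktemp)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' \
    '-----END RSA PRIVATE KEY-----' > "$demo"
chmod 644 "$demo"
check_stunnel_pem "$demo" || echo "problems found: $?"
rm -f "$demo"
```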