I have a very confusing problem with stunnel on Ubuntu. I have a configuration file that I have used on both Windows and Arch Linux. In the Arch version, I use a single file with all the certificates for the partner systems; in the Windows version, I use a capath directory. I have tried both here and I always get the response "tlsv1 alert unknown ca".
The beginning of the stunnel.conf file is below. Any hints would be appreciated.
Carter
; stunnel.conf - global options, client mode (excerpt).
; Read by stunnel, which accepts both ';' and '#' as full-line comment markers.
; Certificate and private key live in the same PEM file; keep it readable
; only by the account stunnel runs as.
cert = /etc/stunnel/xxxxxxx.pem
key = /etc/stunnel/xxxxxxx.pem
; FIPS mode is off
fips = no
# Enable client mode: stunnel accepts plain local connections and opens a
# TLS connection to the remote side for each of them
client = yes
; Some security enhancements for UNIX systems - comment them out on Win32
; (all three are disabled here, so stunnel keeps its starting uid/gid and
; is not chrooted)
#chroot = /var/run/stunnel/
#setuid = stunnel
#setgid = stunnel
; PID file; chroot is disabled above, so this path is resolved on the host
; filesystem rather than inside a jail
pid = /etc/stunnel/stunnel.pid
; Some performance tunings
# Debug and Foreground are for testing
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
# Debug logging is currently ENABLED at level 5 (notice). Level 7 (debug)
# additionally logs the certificate verification steps, which is what shows
# why a handshake is rejected; lower it again once the problem is resolved.
debug = 5
# Log file is written into the config directory; keep it non-world-readable
output = /etc/stunnel/stunnel.log
##foreground = yes
; Protocol selection: NO_SSLv3 disables only SSLv3, and sslVersion = all
; leaves every other version the OpenSSL build supports negotiable
; (SSLv2 is not explicitly disabled by this file)
options = NO_SSLv3
sslVersion = all
; Cipher list: ECDH/ECDHE key exchange with RSA or ECDSA authentication,
; AES-CBC and SHA-1 MAC only; no AES-GCM or SHA-2 suites are offered
Ciphers = ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA
# Trust store: only CAPath is active in this file. CAFile would be a single
# PEM bundle holding every trusted certificate.
# Uncomment and modify the CAFile to point to your ca.txt file
#CAFile = /etc/stunnel/all.pem
# CAPath is a directory searched by subject-name hash: OpenSSL only finds
# certificates stored (or symlinked) under their hash names, as produced by
# c_rehash / openssl rehash. A directory of plainly named .pem files looks
# empty to the verifier, and every peer certificate is then rejected.
CAPath = /etc/stunnel/capath
#CAPath = @sysconfdir/ssl/certs
# Verification: VerifyPeer = yes requires the peer's own certificate to be
# present in the trust store above; verifyChain (left commented out) would
# instead accept any certificate that chains to a CA in the store.
# NOTE(review): OpenSSL reports "tlsv1 alert unknown ca" when that alert is
# received from the peer, so the remote side may be the one rejecting the
# certificate configured in 'cert' above - confirm the alert direction
# (read vs. write) in the log before changing the local trust store.
# verifyChain = no
VerifyPeer = yes