Re: [stunnel-users] A Calypso user needs your help with stunnel
Dear Ludolf et al: Thank you very much for your recent communication. I drew up what I thought I needed, based on your answer, in the configuration file. As might be expected in that I'm a novice at this, I still have a few more questions: 1. I tried it with and without the "Authentification stuff". Either way, after modifying stunnel.conf, and running stunnel.exe, stunnel.exe bombed with the following error: "Stunnel server down" (log said: ************** 2008.09.02 14:20:17 LOG7[16442455:16274811]: RAND_status claims sufficient entropy for the PRNG 2008.09.02 14:20:17 LOG7[16442455:16274811]: PRNG seeded successfully 2008.09.02 14:20:17 LOG3[16442455:16274811]: Error loading verify certificates from certs.pem 2008.09.02 14:20:17 LOG3[16442455:16274811]: error stack: B084002 : error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib 2008.09.02 14:20:17 LOG3[16442455:16274811]: error stack: 2006D080 : error:2006D080:BIO routines:BIO_new_file:no such file 2008.09.02 14:20:17 LOG3[16442455:16274811]: SSL_CTX_load_verify_locations: 2001002: error:02001002:system library:fopen:No such file or directory 2008.09.02 14:20:17 LOG3[16442455:16274811]: Server is down What caused this? ************** 2. My other question is: Do I need to put stunnel.exe in the startup folder? Does it automatically reference stunnel.conf (that is what I was assuming)? When I get it to run correctly, automatically referencing stunnel, conf, then can I run Calypso with the settings changed to tie in with the stunnel conf file? All of the above I was assuming was true, but I'm just asking to make sure. Thanks! Lenny
Dear all - "Stunnel server down" problem solved.(see earlier communication) Startup folder problem solved.(see earlier communication Now I'm down to just one (hopefully final) question: I get incorrect password message when I log on in my email client program. Why? (Stunnel has run correctly and is sitting in core. I am connected to the internet. The right port and host information has been keyed in in both stunnel.conf and the client software account settings.) But still it won't accept what I know to be my correct userid and password because they work in other contexts. My ISP says it's probably a generic message, meaning "it can't connect"l Any help would be greatly appreciatedl Thank youl Lenny
Hi All, For anyone who has looked into credit card PCI Compliance, you'll know what I'm dealing with. But I'm trying to work with some pretty old systems. To be compliant I need to disable SSL2.0 so I was trying to see if I could do it server-wide. My first thought was to recompile openssl with --no-ssl2 but that seems to only disable it for the tools rather than the linked library. After that, I gave up and started configuring programs one by one. However, despite my best ability to check, I can't see a way to disable SSL2.0 in Stunnel v3.X. Anyway, I'll likely upgrade to 4.X but I'm interested if anyone knows the fix either for openSSL or Stunnel 3.X. Regards, KAM
On Sat, 2008-09-06 16:27:46 -0700, John Bryant wrote:
[..]
I get incorrect password message when I log on in my email client program. Why?
[..]
My ISP says it's probably a generic message, meaning "it can't connect"l
This is my experience too. If a mail client prints 'wrong password', it often just says 'this did not work'. Check the stunnel log. There should be entries like '... accepted connection from ...' showing your mail client is connecting to the stunnel and '... connected remote server from ...' showing stunnel is connecting to the mail server. Ludolf -- --------------------------------------------------------------- Ludolf Holzheid Tel: +49 621 339960 Bihl+Wiedemann GmbH Fax: +49 621 3392239 Floßwörthstraße 41 e-mail: lholzheid@bihl-wiedemann.de D-68199 Mannheim, Germany ---------------------------------------------------------------
Dear all - I got incorrect password message when I logged on in my email client program. Why? I had forgotten to include my ENTIRE ID (i.e. my ENTIRE email address) in the setup of the mail server in my client software (despite my ISP's insistence that be done). Error message from server was misleading in that the error message did include my ENTIRE ID and asked for the password, then said it was a wrong combo. Thank you so much for your help. Your insistence that I check the log file to see if I was indeed connected was a big help, because it gave me confidence that I had at least gotten that far without a hitch. (Doing a google on the error message: "[AUTH] Username and password not accepted" was another mind-jogger.) Your help was greatly appreciated. Thank you againl Lenny
Dear all - When I got thru the receiving problems, and tried sending mail, I got this message: *********** Error - sent data: "MAIL FROM:<jbryant@lzy.net>" Receive error: "530-5.5.1 Authentication Required. Learn more at 530 5.5.1 http://mail.google.com/support/bin/answer.py?answer=14257 h27sm1283675elf.14" *********** I went to the link and then to another link within that and I have still not solved the problem. I have nothing about Authentication in the stunnel.conf file because I did not understand it. It seems from my googles that I should be able to set up the client Account Properties to provide (not "secure password authorisation", which my sources say is NOT desirable but) authentication with a password and my ENTIRE userid supplied - but when I tried doing that I got the message: The+server+does+not+support+any+secure+password+authentication+providers (without the pluses) So I'm back to square one. Will be doing research on this today, but thought I'd get this question in in case any one of you has encountered a similar problem. Thank you. Lenny
On Tue, 2008-09-09 11:42:43 -0700, John Bryant wrote:
Dear all -
When I got thru the receiving problems, and tried sending mail, I got this message:
***********
Error - sent data: "MAIL FROM:<jbryant@lzy.net>" Receive error: "530-5.5.1 Authentication Required. Learn more at 530 5.5.1 http://mail.google.com/support/bin/answer.py?answer=14257 h27sm1283675elf.14"
***********
Hi Lenny,
From the error message, I suspect the mail server in question being gmail. As far as I understand the gmail support pages, Google wants you to authenticate using SMTP authentication. This is a username/password authentication and is unrelated to the encryption stuff. The fact, the 530 message finds its way back to the mail client proofs the tunnel is up and working correctly.
What is needed now is to configure your mail client to send the username/password pair to the mail server. I don't know calypso at all, but I'd look for something like 'use name and password' in the 'outgoing server' dialog (if there is something like that). Ludolf -- --------------------------------------------------------------- Ludolf Holzheid Tel: +49 621 339960 Bihl+Wiedemann GmbH Fax: +49 621 3392239 Floßwörthstraße 41 e-mail: lholzheid@bihl-wiedemann.de D-68199 Mannheim, Germany ---------------------------------------------------------------
participants (3)
-
John Bryant -
Kevin A. McGrail -
Ludolf Holzheid