[stunnel-users] Stunnel for pop3 on solaris 2.6 ( Even more info)
Douglas Phillipson
dougp at intermind.net
Wed Jul 6 21:33:09 CEST 2005
If I set "client = no" in stunnel's config file I get the following from:
openssl s_client -connect 172.20.12.59:995
CONNECTED(00000003)
depth=0 /C=US/ST=Nevada/L=Las Vegas/O=Bechtel/OU=RSL/CN=test1
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=Nevada/L=Las Vegas/O=Bechtel/OU=RSL/CN=test1
verify return:1
30463:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:226:
Is a "self signed" Cert OK? I didn't sign anything though. Compiling
stunnel created a cert. Installing openssl I think created a cert. Do
these need to match somehow? If so how do you do that? I think I'm
lost here...
Regards
Doug P
Douglas Phillipson wrote:
> I have a Solaris 2.6 box and am trying to get pop3 over SSL running. I
> use:
>
> qpopper 4.0.5
> openssl-0.9.7g
> stunnel 4.10 compiled with gcc 2.95.3
>
> When I compiled stunnel it made a private key and certificate in
> /usr/local/etc/stunnel/stunnel.pem.
>
> Do I need anything else?
>
> I have the following configuration:
>
> Inetd.conf:
>
> pop3 stream tcp nowait root /usr/local/sbin/popper qpopper -S -t /poplog
>
> stunnel.conf:
>
> cert = /usr/local/etc/stunnel/stunnel.pem
> key = /usr/local/etc/stunnel/stunnel.pem
> debug = 7
> output = /stunnel.log
> pid = /stunnel.pid
> client = yes
>
> [pop3s]
> accept = 995
> connect = 110
>
> I run stunnel and get the following output:
>
> 2005.07.06 11:34:17 LOG5[17873:1]: stunnel 4.10 on sparc-sun-solaris2.6
> UCONTEXT+POLL+IPv4 with OpenSSL 0.9.7g 11 Apr 2005
> 2005.07.06 11:34:18 LOG7[17873:1]: Snagged 64 random bytes from //.rnd
> 2005.07.06 11:34:18 LOG7[17873:1]: Wrote 1024 new random bytes to //.rnd
> 2005.07.06 11:34:18 LOG7[17873:1]: RAND_status claims sufficient entropy
> for the PRNG
> 2005.07.06 11:34:18 LOG6[17873:1]: PRNG seeded successfully
> 2005.07.06 11:34:18 LOG7[17873:1]: Certificate:
> /usr/local/etc/stunnel/stunnel.pem
> 2005.07.06 11:34:18 LOG7[17873:1]: Key file:
> /usr/local/etc/stunnel/stunnel.pem
> 2005.07.06 11:34:18 LOG6[17873:1]: file ulimit = 64 (can be changed with
> 'ulimit -n')
> 2005.07.06 11:34:18 LOG6[17873:1]: poll() used - no FD_SETSIZE limit for
> file descriptors
> 2005.07.06 11:34:18 LOG5[17873:1]: 29 clients allowed
> 2005.07.06 11:34:18 LOG7[17873:1]: FD 4 in non-blocking mode
> 2005.07.06 11:34:18 LOG7[17873:1]: FD 5 in non-blocking mode
> 2005.07.06 11:34:18 LOG7[17873:1]: FD 6 in non-blocking mode
> 2005.07.06 11:34:18 LOG7[17873:1]: SO_REUSEADDR option set on accept socket
> 2005.07.06 11:34:18 LOG7[17873:1]: pop3s bound to 0.0.0.0:995
> 2005.07.06 11:34:18 LOG7[17874:1]: Created pid file /stunnel.pid
> 2005.07.06 11:34:18 LOG7[17874:0]: Waiting -1 second(s) for 2 file
> descriptor(s)
>
>
> I connect via pop3 in thunderbird with ssl and qpopper always says:
> (null) at localhost (127.0.0.1): -ERR Unknown command: "".
> (nulI/O error flushing output to client at localhost [127.0.0.1]:
> Broken pipe (32)l) at localhost (127.0.0.1): -ERR POP EOF or I/O Error
>
> Stunnel says:
>
> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->()
> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->(IN)
> 2005.07.06 11:37:13 LOG7[17884:1]: pop3s accepted FD=0 from
> 172.20.10.7:45464
> 2005.07.06 11:37:13 LOG7[17884:1]: Creating a new context
> 2005.07.06 11:37:13 LOG7[17884:1]: Context 2 created
> 2005.07.06 11:37:13 LOG7[17884:2]: pop3s started
> 2005.07.06 11:37:13 LOG7[17884:2]: FD 0 in non-blocking mode
> 2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on local socket
> 2005.07.06 11:37:13 LOG5[17884:2]: pop3s connected from 172.20.10.7:45464
> 2005.07.06 11:37:13 LOG7[17884:2]: FD 1 in non-blocking mode
> 2005.07.06 11:37:13 LOG7[17884:2]: pop3s connecting 127.0.0.1:110
> 2005.07.06 11:37:13 LOG7[17884:2]: Remote FD=1 initialized
> 2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on remote socket
> 2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): before/connect
> initialization
> 2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): SSLv3 write
> client hello A
> 2005.07.06 11:37:13 LOG7[17884:0]: Waiting 300 second(s) for 3 file
> descriptor(s)
> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->()
> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->()
> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 2, FD=1, (IN)->(IN)
>
> The mail never gets delivered to either Thunderbird or outlook express.
> I get a certificate approval request from Thunderbird to which I grant,
> then nothing. If I disable ssl in thunderbird the mail gets accepted
> normally.
>
> What might I be doing wrong???
>
> Thanks
>
> Doug P
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at mirt.net
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
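Two checks added here as an example, not part of the thread: a lint for the inversion visible in the quoted stunnel.conf (client = yes on a service that accepts TLS on 995 and connects to plaintext pop3 on 110, which is why stunnel logs "SSL state (connect): SSLv3 write client hello A" towards 127.0.0.1:110), and a cert/key modulus comparison for a combined stunnel.pem. The well-known-port heuristic, the function names and the constructed copy of the config are my own assumptions.

```shell
#!/bin/sh
# Lint a stunnel.conf for an inverted mode: with client = no (the default)
# stunnel terminates TLS on accept= and speaks plaintext to connect=; with
# client = yes it does the reverse and sends a TLS ClientHello to the backend.
# Exit 0 when no service looks inverted, 1 otherwise.
stunnel_mode_check() {
    awk '
    function val(s) { sub(/.*=[[:space:]]*/, "", s); sub(/[[:space:]]+$/, "", s); return s }
    function port(s) { sub(/.*:/, "", s); return s }     # drop any host: prefix
    function report() {
        # heuristic: well-known TLS ports on accept=, plaintext ports on connect=
        if (svc != "" && client == "yes" && acc ~ /^(995|993|465)$/ && con ~ /^(110|143|25)$/) {
            printf "[%s] client = yes with accept=%s -> connect=%s: stunnel would speak TLS to the plaintext backend; set client = no\n", svc, acc, con
            bad = 1
        }
    }
    BEGIN { bad = 0; gclient = "no" }                   # stunnel default is client = no
    /^[[:space:]]*\[/ { report(); svc = $0; gsub(/\[|\]|[[:space:]]/, "", svc); acc = con = ""; client = gclient; next }
    /^[[:space:]]*client[[:space:]]*=/  { if (svc == "") gclient = tolower(val($0)); else client = tolower(val($0)) }
    /^[[:space:]]*accept[[:space:]]*=/  { acc = port(val($0)) }
    /^[[:space:]]*connect[[:space:]]*=/ { con = port(val($0)) }
    END { report(); exit bad }
    ' "$1"
}

# Constructed copy of the stunnel.conf from the quoted message (sample input).
write_sample_conf() {
    cat > "$1" <<'EOF'
cert = /usr/local/etc/stunnel/stunnel.pem
key = /usr/local/etc/stunnel/stunnel.pem
debug = 7
client = yes

[pop3s]
accept = 995
connect = 110
EOF
}

# Do the certificate and private key in one PEM (cert = and key = both point at
# stunnel.pem) belong together? Their RSA moduli must be identical. A self-signed
# certificate is fine for stunnel itself; mail clients just ask to trust it once.
# Needs openssl on PATH; returns 2 if the file cannot be parsed.
cert_key_match() {
    c=$(openssl x509 -noout -modulus -in "$1") || return 2
    k=$(openssl rsa -noout -modulus -in "$1") || return 2
    [ "$c" = "$k" ]
}

conf=$(mktemp)
write_sample_conf "$conf"
stunnel_mode_check "$conf" || echo "fix: client = no (or drop the line; no is the default)"
rm -f "$conf"
```

Run cert_key_match against the real stunnel.pem to answer the "do these need to match" question; the lint only needs the config file.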