[stunnel-users] Stunnel for pop3 on solaris 2.6 ( Even more info)

Douglas Phillipson dougp at intermind.net
Wed Jul 6 21:33:09 CEST 2005


If I set "client = no" in stunnels config file I get the following from:


openssl s_client -connect 172.20.12.59:995

CONNECTED(00000003)
depth=0 /C=US/ST=Nevada/L=Las Vegas/O=Bechtel/OU=RSL/CN=test1
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=Nevada/L=Las Vegas/O=Bechtel/OU=RSL/CN=test1
verify return:1
30463:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake 
failure:s23_lib.c:226:


Is a "self signed" Cert OK?  I didn't sign anything though.  Compiling 
stunnel created a cert.  Installing openssl I think created a cert.  Do 
these need to match somehow?  If so how do you do that?  I think I'm 
lost here...

Regards

Doug P


Douglas Phillipson wrote:
> I have a Solaris 2.6 box and am trying to get pop3 over SSL running.  I 
> use:
> 
> qpopper 4.0.5
> openssl-0.9.7g
> stunnel 4.10  compiled with gcc 2.95.3
> 
> When I compiled stunnel it made a private key and certificate in 
> /usr/local/etc/stunnel/stunnel.pem.
> 
> Do I need anything else?
> 
> I have the following configuration:
> 
> Inetd.conf:
> 
> pop3 stream tcp nowait root /usr/local/sbin/popper qpopper -S  -t /poplog
> 
> stunnel.conf:
> 
> cert = /usr/local/etc/stunnel/stunnel.pem
> key = /usr/local/etc/stunnel/stunnel.pem
> debug = 7
> output = /stunnel.log
> pid = /stunnel.pid
> client = yes
> 
> [pop3s]
> accept  = 995
> connect = 110
> 
> I run stunnel and get the following output:
> 
> 2005.07.06 11:34:17 LOG5[17873:1]: stunnel 4.10 on sparc-sun-solaris2.6 
> UCONTEXT+POLL+IPv4 with OpenSSL 0.9.7g 11 Apr 2005
> 2005.07.06 11:34:18 LOG7[17873:1]: Snagged 64 random bytes from //.rnd
> 2005.07.06 11:34:18 LOG7[17873:1]: Wrote 1024 new random bytes to //.rnd
> 2005.07.06 11:34:18 LOG7[17873:1]: RAND_status claims sufficient entropy 
> for the PRNG
> 2005.07.06 11:34:18 LOG6[17873:1]: PRNG seeded successfully
> 2005.07.06 11:34:18 LOG7[17873:1]: Certificate: 
> /usr/local/etc/stunnel/stunnel.pem
> 2005.07.06 11:34:18 LOG7[17873:1]: Key file: 
> /usr/local/etc/stunnel/stunnel.pem
> 2005.07.06 11:34:18 LOG6[17873:1]: file ulimit = 64 (can be changed with 
> 'ulimit -n')
> 2005.07.06 11:34:18 LOG6[17873:1]: poll() used - no FD_SETSIZE limit for 
> file descriptors
> 2005.07.06 11:34:18 LOG5[17873:1]: 29 clients allowed
> 2005.07.06 11:34:18 LOG7[17873:1]: FD 4 in non-blocking mode
> 2005.07.06 11:34:18 LOG7[17873:1]: FD 5 in non-blocking mode
> 2005.07.06 11:34:18 LOG7[17873:1]: FD 6 in non-blocking mode
> 2005.07.06 11:34:18 LOG7[17873:1]: SO_REUSEADDR option set on accept socket
> 2005.07.06 11:34:18 LOG7[17873:1]: pop3s bound to 0.0.0.0:995
> 2005.07.06 11:34:18 LOG7[17874:1]: Created pid file /stunnel.pid
> 2005.07.06 11:34:18 LOG7[17874:0]: Waiting -1 second(s) for 2 file 
> descriptor(s)
> 
> 
> I connect via pop3 in thunderbird with ssl and qpopper always says:
> (null) at localhost (127.0.0.1): -ERR Unknown command: "".
>  (nulI/O error flushing output to client  at localhost [127.0.0.1]: 
> Broken pipe (32)l) at localhost (127.0.0.1): -ERR POP EOF or I/O Error
> 
> Stunnel says:
> 
> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->()
> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->(IN)
> 2005.07.06 11:37:13 LOG7[17884:1]: pop3s accepted FD=0 from 
> 172.20.10.7:45464
> 2005.07.06 11:37:13 LOG7[17884:1]: Creating a new context
> 2005.07.06 11:37:13 LOG7[17884:1]: Context 2 created
> 2005.07.06 11:37:13 LOG7[17884:2]: pop3s started
> 2005.07.06 11:37:13 LOG7[17884:2]: FD 0 in non-blocking mode
> 2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on local socket
> 2005.07.06 11:37:13 LOG5[17884:2]: pop3s connected from 172.20.10.7:45464
> 2005.07.06 11:37:13 LOG7[17884:2]: FD 1 in non-blocking mode
> 2005.07.06 11:37:13 LOG7[17884:2]: pop3s connecting 127.0.0.1:110
> 2005.07.06 11:37:13 LOG7[17884:2]: Remote FD=1 initialized
> 2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on remote socket
> 2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): before/connect 
> initialization
> 2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): SSLv3 write 
> client hello A
> 2005.07.06 11:37:13 LOG7[17884:0]: Waiting 300 second(s) for 3 file 
> descriptor(s)
> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->()
> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->()
> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 2, FD=1, (IN)->(IN)
> 
> The mail never gets delivered to either Thunderbird or outlook express.
> I get a certificate approval request from Thunderbird to which I grant, 
> then nothing.  If I disable ssl in thunderbird the mail gets accepted 
> normally.
> 
> What might I be doing wrong???
> 
> Thanks
> 
> Doug P
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at mirt.net
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
> 
> 
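The configuration quoted above sets `client = yes` globally, which makes stunnel speak TLS towards the `connect =` side (plaintext qpopper on port 110) instead of terminating TLS on port 995; a pop3s wrapper in front of a plaintext daemon needs server mode, `client = no`. The following is an added example, not code from the poster or from the stunnel project: it parses the posted stunnel.conf (embedded as a constructed copy), flags any service that accepts on a well-known TLS port while running in client mode, and emits the corrected file.

```python
"""Lint a stunnel.conf for the client/server mode mix-up seen in this thread."""
import configparser

# Constructed copy of the configuration quoted in the thread.
POSTED_CONF = """\
cert = /usr/local/etc/stunnel/stunnel.pem
key = /usr/local/etc/stunnel/stunnel.pem
debug = 7
output = /stunnel.log
pid = /stunnel.pid
client = yes

[pop3s]
accept  = 995
connect = 110
"""

# Well-known TLS-wrapper ports: accepting on one of these means stunnel is the
# TLS server for that service, so it must run with client = no.
TLS_PORTS = {"443", "465", "993", "995"}

def parse_stunnel_conf(text):
    """Return (global_opts, {service: opts}). stunnel.conf is INI-like with
    global options before the first [service] header, so a header is added."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string("[__global__]\n" + text)
    global_opts = dict(cp.items("__global__"))
    services = {s: dict(cp.items(s)) for s in cp.sections() if s != "__global__"}
    return global_opts, services

def port_of(addr):
    """'995' -> '995'; '127.0.0.1:110' -> '110'."""
    return addr.rsplit(":", 1)[-1].strip()

def find_mode_mismatches(text):
    """List (service, accept_port, connect_port) for services that accept on a
    TLS port but run in client mode. In client mode stunnel sends a TLS
    ClientHello to the plaintext backend, which is what the qpopper
    '-ERR Unknown command' errors in the thread show."""
    global_opts, services = parse_stunnel_conf(text)
    problems = []
    for name, opts in services.items():
        mode = opts.get("client", global_opts.get("client", "no")).strip().lower()
        accept_port = port_of(opts.get("accept", ""))
        if mode == "yes" and accept_port in TLS_PORTS:
            problems.append((name, accept_port, port_of(opts.get("connect", ""))))
    return problems

def fixed_conf(text):
    """Rewrite every 'client = yes' line to 'client = no' (server mode)."""
    out = []
    for line in text.splitlines():
        key, _, value = line.partition("=")
        if key.strip().lower() == "client" and value.strip().lower() == "yes":
            line = "client = no"
        out.append(line)
    return "\n".join(out) + "\n"
```

Running `find_mode_mismatches(POSTED_CONF)` reports the pop3s service (995 -> 110), and the output of `fixed_conf` passes the check.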
