[stunnel-users] certificate unknown
Ludovic DUFLOT
ludovic.duflot at univ-savoie.fr
Wed May 3 08:08:38 CEST 2006
Hi,
I tried to use stunnel to connect over SSL to an LDAP server, but I can't,
and I get this error message: certificate unknown
I use stunnel to establish a connection to an IMAPS server and all is
fine, but not for the LDAP connection.
The certificate is self-signed.
I searched on the list's archives and with google but I can't find any
solution...
Help !!!
Ludo
ps: these are the stunnel.conf and the log:
***************************
cert = stunnel.pem
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS
; Some debugging stuff useful for troubleshooting
debug = 7
;output = stunnel.log
; Use it for client mode
client = yes
; Service-level configuration
[ldaps]
accept = 389
connect = 10.0.0.1:636
verify = 0
[imaps]
accept = 143
connect = 10.0.0.2:993
***************************
2006.05.03 07:52:40 LOG7[4436:2436]: RAND_status claims sufficient
entropy for the PRNG
2006.05.03 07:52:40 LOG6[4436:2436]: PRNG seeded successfully
2006.05.03 07:52:40 LOG7[4436:2436]: Certificate: stunnel.pem
2006.05.03 07:52:40 LOG7[4436:2436]: Key file: stunnel.pem
2006.05.03 07:52:40 LOG7[4436:2436]: SSL context initialized for service
ldaps
2006.05.03 07:52:40 LOG7[4436:2436]: Certificate: stunnel.pem
2006.05.03 07:52:40 LOG7[4436:2436]: Key file: stunnel.pem
2006.05.03 07:52:40 LOG7[4436:2436]: SSL context initialized for service
imaps
2006.05.03 07:52:40 LOG7[4436:2436]: Certificate: stunnel.pem
2006.05.03 07:52:40 LOG7[4436:2436]: Key file: stunnel.pem
2006.05.03 07:52:40 LOG7[4436:2436]: SSL context initialized for service
https
2006.05.03 07:52:40 LOG5[4436:2436]: stunnel 4.15 on x86-pc-mingw32-gnu
with OpenSSL 0.9.7f 22 Mar 2005
2006.05.03 07:52:40 LOG5[4436:2436]: Threading:WIN32 SSL:ENGINE
Sockets:SELECT,IPv6
2006.05.03 07:52:40 LOG5[4436:4612]: No limit detected for the number of
clients
2006.05.03 07:52:40 LOG7[4436:4612]: FD 192 in non-blocking mode
2006.05.03 07:52:40 LOG7[4436:4612]: SO_REUSEADDR option set on accept
socket
2006.05.03 07:52:40 LOG7[4436:4612]: ldaps bound to 0.0.0.0:389
2006.05.03 07:52:40 LOG7[4436:4612]: FD 196 in non-blocking mode
2006.05.03 07:52:40 LOG7[4436:4612]: SO_REUSEADDR option set on accept
socket
2006.05.03 07:52:40 LOG7[4436:4612]: imaps bound to 0.0.0.0:143
2006.05.03 07:52:40 LOG7[4436:4612]: FD 212 in non-blocking mode
2006.05.03 07:52:40 LOG7[4436:4612]: SO_REUSEADDR option set on accept
socket
2006.05.03 07:52:40 LOG7[4436:4612]: https bound to 0.0.0.0:443
2006.05.03 07:52:50 LOG7[4436:4612]: ldaps accepted FD=220 from
127.0.0.1:2893
2006.05.03 07:52:50 LOG7[4436:4612]: Creating a new thread
2006.05.03 07:52:50 LOG7[4436:4612]: New thread created
2006.05.03 07:52:50 LOG7[4436:5780]: ldaps started
2006.05.03 07:52:50 LOG7[4436:5780]: FD 220 in non-blocking mode
2006.05.03 07:52:50 LOG7[4436:5780]: TCP_NODELAY option set on local socket
2006.05.03 07:52:50 LOG5[4436:5780]: ldaps connected from 127.0.0.1:2893
2006.05.03 07:52:50 LOG7[4436:5780]: FD 244 in non-blocking mode
2006.05.03 07:52:50 LOG7[4436:5780]: ldaps connecting 10.0.0.1:636
2006.05.03 07:52:50 LOG7[4436:5780]: connect_wait: waiting 10 seconds
2006.05.03 07:52:50 LOG7[4436:5780]: connect_wait: connected
2006.05.03 07:52:50 LOG7[4436:5780]: Remote FD=244 initialized
2006.05.03 07:52:50 LOG7[4436:5780]: TCP_NODELAY option set on remote socket
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): before/connect
initialization
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 write
client hello A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 read
server hello A
2006.05.03 07:52:50 LOG5[4436:5780]: VERIFY IGNORE: depth=1,
/C=FR/ST=Savoie/L=Chambery/O=Universite de Savoie/OU=DSI/CN=DSI
CA/emailAddress=admin at univ-savoie.fr
2006.05.03 07:52:50 LOG5[4436:5780]: VERIFY IGNORE: depth=1,
/C=FR/ST=Savoie/L=Chambery/O=Universite de Savoie/OU=DSI/CN=DSI
CA/emailAddress=admin at univ-savoie.fr
2006.05.03 07:52:50 LOG5[4436:5780]: VERIFY IGNORE: depth=1,
/C=FR/ST=Savoie/L=Chambery/O=Universite de Savoie/OU=DSI/CN=DSI
CA/emailAddress=admin at univ-savoie.fr
2006.05.03 07:52:50 LOG5[4436:5780]: VERIFY IGNORE: depth=0,
/C=FR/ST=Savoie/L=Chambery/O=Universite de
Savoie/OU=DSI/CN=ldap-bourget.univ-savoie.fr
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 read
server certificate A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 read
server certificate request A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 read
server done A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 write
client certificate A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 write
client key exchange A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 write
certificate verify A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 write
change cipher spec A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 write
finished A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 flush data
2006.05.03 07:52:50 LOG7[4436:5780]: SSL alert (read): fatal:
certificate unknown
2006.05.03 07:52:50 LOG3[4436:5780]: SSL_connect: 14094416:
error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
2006.05.03 07:52:50 LOG5[4436:5780]: Connection reset: 0 bytes sent to
SSL, 0 bytes sent to socket
2006.05.03 07:52:50 LOG7[4436:5780]: ldaps finished (0 left)
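
Added example, not part of the original post: a Python sketch that reads the handshake direction out of a stunnel debug log like the one above. In OpenSSL's trace, `SSL alert (read)` marks an alert received from the peer, and a CertificateVerify message is only written when the client actually presented a certificate; the function and field names are hypothetical, and the sample is an excerpt of the posted log, wrapped as on the page.

```python
import re

# Excerpt of the stunnel debug log from the post above, wrapped as on the page.
SAMPLE_LOG = """\
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 read
server certificate request A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 write
client certificate A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL state (connect): SSLv3 write
certificate verify A
2006.05.03 07:52:50 LOG7[4436:5780]: SSL alert (read): fatal:
certificate unknown
"""

ENTRY_START = re.compile(r"^\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2} LOG\d\[")
ALERT = re.compile(r"SSL alert \((read|write)\): (\w+): (.+)$")


def unwrap(log_text):
    """Rejoin entries that the mail client wrapped onto a second line."""
    entries = []
    for line in log_text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries


def diagnose(log_text):
    """Report who raised the TLS alert and whether a client cert was in play."""
    result = {"requested": False, "presented": False,
              "alert": None, "raised_by": None}
    for entry in unwrap(log_text):
        if "read server certificate request" in entry:
            result["requested"] = True
        elif "write certificate verify" in entry:
            # CertificateVerify follows only a real (non-empty) client cert.
            result["presented"] = True
        m = ALERT.search(entry)
        if m:
            # "read" = alert received from the peer; "write" = sent by this side.
            result["raised_by"] = "peer" if m.group(1) == "read" else "local"
            result["alert"] = m.group(3)
    result["peer_rejected_client_cert"] = (
        result["raised_by"] == "peer"
        and result["requested"] and result["presented"]
    )
    return result
```

A true `peer_rejected_client_cert` points the investigation at the client certificate loaded through `cert = stunnel.pem` and at what the LDAP server trusts for client authentication, since `verify` only governs how stunnel checks the peer's certificate.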