[stunnel-users] Small challenge with version 4.26 and a commercial certificate

editor editor at cellmail.com
Sun Feb 14 06:44:48 CET 2010 

Hi:

I decided to spend the money and get a commercial certificate from
Thawte. It was not a bad price. I have installed in the Sun host and
while it works perfectly for Apache but I can not get the file to work
for stunnel. The idea is to allow mobile users to access their mail
without annoying certificate warnings.

This is what happens:


# /usr/local/bin/stunnel &
[1] 13704
# Enter PEM pass phrase:
2010.02.14 05:32:46 LOG7[13704:1]: Snagged 64 random bytes from
/export/home/kgreene/.rnd
2010.02.14 05:32:46 LOG7[13704:1]: Wrote 1024 new random bytes to
/export/home/kgreene/.rnd
2010.02.14 05:32:46 LOG7[13704:1]: RAND_status claims sufficient entropy
for the PRNG
2010.02.14 05:32:46 LOG7[13704:1]: PRNG seeded successfully
2010.02.14 05:32:46 LOG7[13704:1]: Certificate:
/usr/local/etc/stunnel/stunnel.pem
2010.02.14 05:32:46 LOG7[13704:1]: Certificate loaded
2010.02.14 05:32:46 LOG7[13704:1]: Key file:
/usr/local/etc/stunnel/stunnel.pem
2010.02.14 05:32:46 LOG3[13704:1]: error stack: 140B3009 :
error:140B3009:SSL routines:SSL_CTX_use_RSAPrivateKey_file:PEM lib
2010.02.14 05:32:46 LOG3[13704:1]: error stack: 906A068 :
error:0906A068:PEM routines:PEM_do_header:bad password read
2010.02.14 05:32:46 LOG3[13704:1]: SSL_CTX_use_RSAPrivateKey_file:
906406D: error:0906406D:PEM routines:PEM_def_callback:problems getting
password

[1]+  Exit 1                  /usr/local/bin/stunnel

#

It never pauses to let me enter the PEM pass phase. As in instructed in
the man pages, I created the pem file by merging the private key and the
 certificate from Thawte.

This is the version statement:

# /usr/local/bin/stunnel -version
stunnel 4.26 on sparc-sun-solaris2.9 with OpenSSL 0.9.8l 5 Nov 2009
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

Global options
debug           = 5
pid             = /usr/local/var/run/stunnel/stunnel.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes

Service-level options
cert            = /usr/local/etc/stunnel/stunnel.pem
ciphers         = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
key             = /usr/local/etc/stunnel/stunnel.pem
session         = 300 seconds
stack           = 65536 bytes
sslVersion      = SSLv3 for client, all for server
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTconnect  = 10 seconds
TIMEOUTidle     = 43200 seconds
verify          = none

-------------------------------

Any ideas would be great. Thanks.

Kevin

More information about the stunnel-users mailing list