[stunnel-users] Small challenge with version 4.26 and a commercial certificate
Leandro Avila
leandro.avila at ymail.com
Wed Feb 17 16:11:16 CET 2010
Hi Kevin,
I think there is ambiguous information about this.
The man page states that the private key should be unencrypted
However, the changelog states that the support for pass phrases was fixed in v4.20
I'll do some testing see what I can find. Or maybe someone can shed some light on the issue.
Best regards
-----------------
Leandro Avila
----- Original Message ----
From: editor <editor at cellmail.com>
To: stunnel-users at mirt.net
Sent: Sat, February 13, 2010 11:44:48 PM
Subject: [stunnel-users] Small challenge with version 4.26 and a commercial certificate
Hi:
I decided to spend the money and get a commercial certificate from
Thawte. It was not a bad price. I have installed in the Sun host and
while it works perfectly for Apache but I can not get the file to work
for stunnel. The idea is to allow mobile users to access their mail
without annoying certificate warnings.
This is what happens:
# /usr/local/bin/stunnel &
[1] 13704
# Enter PEM pass phrase:
2010.02.14 05:32:46 LOG7[13704:1]: Snagged 64 random bytes from
/export/home/kgreene/.rnd
2010.02.14 05:32:46 LOG7[13704:1]: Wrote 1024 new random bytes to
/export/home/kgreene/.rnd
2010.02.14 05:32:46 LOG7[13704:1]: RAND_status claims sufficient entropy
for the PRNG
2010.02.14 05:32:46 LOG7[13704:1]: PRNG seeded successfully
2010.02.14 05:32:46 LOG7[13704:1]: Certificate:
/usr/local/etc/stunnel/stunnel.pem
2010.02.14 05:32:46 LOG7[13704:1]: Certificate loaded
2010.02.14 05:32:46 LOG7[13704:1]: Key file:
/usr/local/etc/stunnel/stunnel.pem
2010.02.14 05:32:46 LOG3[13704:1]: error stack: 140B3009 :
error:140B3009:SSL routines:SSL_CTX_use_RSAPrivateKey_file:PEM lib
2010.02.14 05:32:46 LOG3[13704:1]: error stack: 906A068 :
error:0906A068:PEM routines:PEM_do_header:bad password read
2010.02.14 05:32:46 LOG3[13704:1]: SSL_CTX_use_RSAPrivateKey_file:
906406D: error:0906406D:PEM routines:PEM_def_callback:problems getting
password
[1]+ Exit 1 /usr/local/bin/stunnel
#
It never pauses to let me enter the PEM pass phase. As in instructed in
the man pages, I created the pem file by merging the private key and the
certificate from Thawte.
This is the version statement:
# /usr/local/bin/stunnel -version
stunnel 4.26 on sparc-sun-solaris2.9 with OpenSSL 0.9.8l 5 Nov 2009
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
Global options
debug = 5
pid = /usr/local/var/run/stunnel/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
Service-level options
cert = /usr/local/etc/stunnel/stunnel.pem
ciphers = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
key = /usr/local/etc/stunnel/stunnel.pem
session = 300 seconds
stack = 65536 bytes
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
-------------------------------
Any ideas would be great. Thanks.
Kevin
_______________________________________________
stunnel-users mailing list
stunnel-users at mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users
More information about the stunnel-users
mailing list