[stunnel-users] Verify = 4 Fails Yet Again
Thomas Eifert
kxkvi at wi.rr.com
Thu Oct 24 23:07:37 CEST 2013
Mike,
I'm not having your luck. Out of ten services, I have eight verfiy =
4's that work as they should, and
two that need the CA certificate to be added.
Here's my log output for the same server certificate that you tested.
(without adding the certificate
of the CA)
Thomas
2013.10.24 16:01:03 LOG7[2824:2876]: Service [nntps.6] accepted (FD=588)
from 127.0.0.1:49411
2013.10.24 16:01:03 LOG7[2824:2876]: Creating a new thread
2013.10.24 16:01:03 LOG7[2824:2876]: New thread created
2013.10.24 16:01:03 LOG7[2824:2228]: Service [nntps.6] started
2013.10.24 16:01:03 LOG5[2824:2228]: Service [nntps.6] accepted
connection from 127.0.0.1:49411
2013.10.24 16:01:04 LOG6[2824:2228]: connect_blocking: connecting
69.16.186.7:443
2013.10.24 16:01:04 LOG7[2824:2228]: connect_blocking: s_poll_wait
69.16.186.7:443: waiting 10 seconds
2013.10.24 16:01:04 LOG5[2824:2228]: connect_blocking: connected
69.16.186.7:443
2013.10.24 16:01:04 LOG5[2824:2228]: Service [nntps.6] connected remote
server from 192.168.5.9:49412
2013.10.24 16:01:04 LOG7[2824:2228]: Remote socket (FD=596) initialized
2013.10.24 16:01:04 LOG7[2824:2228]: SNI: sending servername:
news80.forteinc.com
2013.10.24 16:01:04 LOG7[2824:2228]: SSL state (connect): before/connect
initialization
2013.10.24 16:01:04 LOG7[2824:2228]: SSL state (connect): SSLv3 write
client hello A
2013.10.24 16:01:04 LOG7[2824:2228]: SSL state (connect): SSLv3 read
server hello A
2013.10.24 16:01:04 LOG7[2824:2228]: Starting certificate verification:
depth=0, /C=US/postalCode=92026/ST=California/L=Escondido/street=2223
Bent Tree Place/O=Forte Internet Software, Inc./OU=Internet
Services/OU=Comodo PremiumSSL Wildcard/CN=*.forteinc.com
2013.10.24 16:01:04 LOG4[2824:2228]: CERT: Verification error: unable to
get local issuer certificate
2013.10.24 16:01:04 LOG4[2824:2228]: Certificate check failed: depth=0,
/C=US/postalCode=92026/ST=California/L=Escondido/street=2223 Bent Tree
Place/O=Forte Internet Software, Inc./OU=Internet Services/OU=Comodo
PremiumSSL Wildcard/CN=*.forteinc.com
2013.10.24 16:01:04 LOG7[2824:2228]: SSL alert (write): fatal: unknown CA
2013.10.24 16:01:04 LOG3[2824:2228]: SSL_connect: 14090086:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
2013.10.24 16:01:04 LOG5[2824:2228]: Connection reset: 0 byte(s) sent to
SSL, 0 byte(s) sent to socket
2013.10.24 16:01:04 LOG7[2824:2228]: Remote socket (FD=596) closed
2013.10.24 16:01:04 LOG7[2824:2228]: Local socket (FD=588) closed
2013.10.24 16:01:04 LOG7[2824:2228]: Service [nntps.6] finished (1 left)
On 10/24/2013 2:57 PM, Michal Trojnara wrote:
> As strange as it may sound it just worked for me:
--
Attention: This message and all attachments are private and may contain information that is confidential and privileged. If you received this message in error, please notify the sender by reply email and delete the message immediately.
More information about the stunnel-users
mailing list