[stunnel-users] Verify = 4 Fails Yet Again

Thomas Eifert kxkvi at wi.rr.com
Thu Oct 24 23:07:37 CEST 2013 

Mike,

I'm not having your luck.  Out of ten services, I have eight verfiy = 
4's that work as they should, and
two that need the CA certificate to be added.

Here's my log output for the same server certificate that you tested.  
(without adding the certificate
of the CA)

Thomas

2013.10.24 16:01:03 LOG7[2824:2876]: Service [nntps.6] accepted (FD=588) 
from 127.0.0.1:49411
2013.10.24 16:01:03 LOG7[2824:2876]: Creating a new thread
2013.10.24 16:01:03 LOG7[2824:2876]: New thread created
2013.10.24 16:01:03 LOG7[2824:2228]: Service [nntps.6] started
2013.10.24 16:01:03 LOG5[2824:2228]: Service [nntps.6] accepted 
connection from 127.0.0.1:49411
2013.10.24 16:01:04 LOG6[2824:2228]: connect_blocking: connecting 
69.16.186.7:443
2013.10.24 16:01:04 LOG7[2824:2228]: connect_blocking: s_poll_wait 
69.16.186.7:443: waiting 10 seconds
2013.10.24 16:01:04 LOG5[2824:2228]: connect_blocking: connected 
69.16.186.7:443
2013.10.24 16:01:04 LOG5[2824:2228]: Service [nntps.6] connected remote 
server from 192.168.5.9:49412
2013.10.24 16:01:04 LOG7[2824:2228]: Remote socket (FD=596) initialized
2013.10.24 16:01:04 LOG7[2824:2228]: SNI: sending servername: 
news80.forteinc.com
2013.10.24 16:01:04 LOG7[2824:2228]: SSL state (connect): before/connect 
initialization
2013.10.24 16:01:04 LOG7[2824:2228]: SSL state (connect): SSLv3 write 
client hello A
2013.10.24 16:01:04 LOG7[2824:2228]: SSL state (connect): SSLv3 read 
server hello A
2013.10.24 16:01:04 LOG7[2824:2228]: Starting certificate verification: 
depth=0, /C=US/postalCode=92026/ST=California/L=Escondido/street=2223 
Bent Tree Place/O=Forte Internet Software, Inc./OU=Internet 
Services/OU=Comodo PremiumSSL Wildcard/CN=*.forteinc.com
2013.10.24 16:01:04 LOG4[2824:2228]: CERT: Verification error: unable to 
get local issuer certificate
2013.10.24 16:01:04 LOG4[2824:2228]: Certificate check failed: depth=0, 
/C=US/postalCode=92026/ST=California/L=Escondido/street=2223 Bent Tree 
Place/O=Forte Internet Software, Inc./OU=Internet Services/OU=Comodo 
PremiumSSL Wildcard/CN=*.forteinc.com
2013.10.24 16:01:04 LOG7[2824:2228]: SSL alert (write): fatal: unknown CA
2013.10.24 16:01:04 LOG3[2824:2228]: SSL_connect: 14090086: 
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate 
verify failed
2013.10.24 16:01:04 LOG5[2824:2228]: Connection reset: 0 byte(s) sent to 
SSL, 0 byte(s) sent to socket
2013.10.24 16:01:04 LOG7[2824:2228]: Remote socket (FD=596) closed
2013.10.24 16:01:04 LOG7[2824:2228]: Local socket (FD=588) closed
2013.10.24 16:01:04 LOG7[2824:2228]: Service [nntps.6] finished (1 left)


On 10/24/2013 2:57 PM, Michal Trojnara wrote:
> As strange as it may sound it just worked for me:

-- 
Attention: This message and all attachments are private and may contain information that is confidential and privileged. If you received this message in error, please notify the sender by reply email and delete the message immediately.

More information about the stunnel-users mailing list