[stunnel-users] Verify = 4 Fails Yet Again
Thomas Eifert
kxkvi at wi.rr.com
Fri Oct 25 00:33:19 CEST 2013
Mike,

I tried your config. I had to comment out the foreground and pid statements, as they produced error messages (I'm running under Win 7). I also had to change the server address to a valid one, but in any case it's producing the same error. Here's the log:
2013.10.24 17:23:28 LOG7[2824:2876]: Service [test_cli] accepted (FD=436) from 127.0.0.1:49487
2013.10.24 17:23:28 LOG7[2824:2876]: Creating a new thread
2013.10.24 17:23:28 LOG7[2824:2876]: New thread created
2013.10.24 17:23:28 LOG7[2824:3420]: Service [test_cli] started
2013.10.24 17:23:28 LOG5[2824:3420]: Service [test_cli] accepted connection from 127.0.0.1:49487
2013.10.24 17:23:28 LOG6[2824:3420]: connect_blocking: connecting 69.16.186.7:443
2013.10.24 17:23:28 LOG7[2824:3420]: connect_blocking: s_poll_wait 69.16.186.7:443: waiting 10 seconds
2013.10.24 17:23:28 LOG5[2824:3420]: connect_blocking: connected 69.16.186.7:443
2013.10.24 17:23:28 LOG5[2824:3420]: Service [test_cli] connected remote server from 192.168.5.9:49488
2013.10.24 17:23:28 LOG7[2824:3420]: Remote socket (FD=608) initialized
2013.10.24 17:23:28 LOG7[2824:3420]: SNI: sending servername: news80.forteinc.com
2013.10.24 17:23:28 LOG7[2824:3420]: SSL state (connect): before/connect initialization
2013.10.24 17:23:28 LOG7[2824:3420]: SSL state (connect): SSLv3 write client hello A
2013.10.24 17:23:29 LOG7[2824:3420]: SSL state (connect): SSLv3 read server hello A
2013.10.24 17:23:29 LOG7[2824:3420]: Starting certificate verification: depth=0, /C=US/ST=California/L=Escondido/O=Forte Internet Software, Inc./OU=IT/CN=*.forteinc.com
2013.10.24 17:23:29 LOG4[2824:3420]: CERT: Verification error: unable to get local issuer certificate
2013.10.24 17:23:29 LOG4[2824:3420]: Certificate check failed: depth=0, /C=US/ST=California/L=Escondido/O=Forte Internet Software, Inc./OU=IT/CN=*.forteinc.com
2013.10.24 17:23:29 LOG7[2824:3420]: SSL alert (write): fatal: unknown CA
2013.10.24 17:23:29 LOG3[2824:3420]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2013.10.24 17:23:29 LOG5[2824:3420]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2013.10.24 17:23:29 LOG7[2824:3420]: Remote socket (FD=608) closed
2013.10.24 17:23:29 LOG7[2824:3420]: Local socket (FD=436) closed
2013.10.24 17:23:29 LOG7[2824:3420]: Service [test_cli] finished (1 left)

Here's my own test configuration:

debug = 7
fips = no
delay = yes
output = stunnel.log

[nntps.6]
client = yes
cafile = peer-nntps.6.pem
verify = 4
accept = 127.0.0.1:119
connect = news80.forteinc.com:443

Regards,
Thomas

On 10/24/2013 4:19 PM, Michal Trojnara wrote:
> On 2013-10-24 23:07, Thomas Eifert wrote:
> >> I'm not having your luck. Out of ten services, I have eight verify =
>> 4's that work as they should, and
>> two that need the CA certificate to be added.
> I don't think it's about luck. I'm pretty sure there is something wrong
> with your configuration. The one I sent you works fine. I won't be
> able to diagnose yours, because you didn't send it. Please try to
> reproduce my setup first. If it doesn't help solve the problem
> immediately, send me your setup so I can reproduce your error.
>
> BTW: I highly recommend reading:
> http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
>
> Mike