[stunnel-users] CApath not working anymore

Michal Trojnara Michal.Trojnara at mirt.net
Wed Jul 16 18:49:57 CEST 2014


Hi Jordan,

OpenSSL (AFAIR between versions 0.9.8 and 1.0.0) has changed the format of file names produced with the c_rehash script. You need to c_rehash the directory during the update of OpenSSL.

Mike

On 16 July 2014 16:11:36 CEST, Jordan Paschalidis <jordan.paschalidis at xcom.de> wrote:
>Hello,
>
>I have an existing stunnel installation with CApath.
>I tried to set up a new stunnel version, and copied all certificates
>and always had an error like
>
>2014.07.16 09:50:36 LOG7[15937:0]: Starting certificate verification: depth=1, /C=DE/emailAddress=ssladmin at v.de
>2014.07.16 09:50:36 LOG4[15937:0]: CERT: Verification error: self signed certificate in certificate chain
>2014.07.16 09:50:36 LOG4[15937:0]: Certificate check failed: depth=1, /C=DE/emailAddress=ssladmin at v.de
>2014.07.16 09:50:36 LOG7[15937:0]: SSL alert (write): fatal: bad certificate
>2014.07.16 09:50:36 LOG3[15937:0]: SSL_accept: 140890B2: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
>2014.07.16 09:50:36 LOG5[15937:0]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
>
>
>I had a hard time finding out that CApath is not working anymore.
>As a test, I put all certificates into a file and used CAfile,
>and immediately the connection was established.
>
>Does somebody know why CApath is not working anymore?
>Tested with stunnel 5.02, 4.56, 4.55, 4.54
>
>cheers,
>jordan
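
A way to check whether a CApath directory is affected by the hash-format change described in the reply, as an added example that is not part of the original thread. The function names are hypothetical, and it assumes PEM certificates named `*.pem` or `*.crt` and an `openssl` binary of version 1.0.0 or later.

```shell
#!/bin/sh
# Added example: classify certificates in a CApath directory by hash-link format.
# Assumes an openssl binary of version 1.0.0 or later (for -subject_hash_old).

# cert_hashes FILE: print "NEWHASH OLDHASH" for a PEM certificate.
cert_hashes() {
    new=$(openssl x509 -noout -subject_hash -in "$1") || return 1
    old=$(openssl x509 -noout -subject_hash_old -in "$1") || return 1
    printf '%s %s\n' "$new" "$old"
}

# has_link DIR HASH CERT: succeed if DIR/HASH.0 .. DIR/HASH.9 contains CERT.
has_link() {
    want=$(openssl x509 -noout -fingerprint -sha256 -in "$3") || return 1
    for n in 0 1 2 3 4 5 6 7 8 9; do
        [ -e "$1/$2.$n" ] || continue
        got=$(openssl x509 -noout -fingerprint -sha256 -in "$1/$2.$n" 2>/dev/null) || continue
        [ "$got" = "$want" ] && return 0
    done
    return 1
}

# check_capath DIR: print "<status> <file>" for every *.pem / *.crt file.
#   ok      a link in the current format exists
#   stale   only an old-format link exists (directory needs c_rehash)
#   nolink  no hash link exists at all
check_capath() {
    for f in "$1"/*.pem "$1"/*.crt; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        hashes=$(cert_hashes "$f") || continue
        new=${hashes% *}
        old=${hashes#* }
        if has_link "$1" "$new" "$f"; then status=ok
        elif has_link "$1" "$old" "$f"; then status=stale
        else status=nolink
        fi
        printf '%s %s\n' "$status" "$f"
    done
    return 0
}

# Stand-alone use: sh check_capath.sh /path/to/CApath
if [ "$#" -gt 0 ]; then check_capath "$1"; fi
```

Any `stale` or `nolink` line means the running OpenSSL will not find that CA through CApath, which produces the same verification failure as in the log above.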



