[stunnel-users] CApath not working anymore
Michal Trojnara
Michal.Trojnara at mirt.net
Wed Jul 16 18:49:57 CEST 2014
Hi Jordan,
OpenSSL (AFAIR between versions 0.9.8 and 1.0.0) has changed the format of file names produced with the c_rehash script. You need to c_rehash the directory during the update of OpenSSL.
Mike
On 16 lipca 2014 16:11:36 CEST, Jordan Paschalidis <jordan.paschalidis at xcom.de> wrote:
>Hello,
>
>i have an existing stunnel-installation with CApath.
>I tried to setup a new stunnel-version, and copied all certifictes
>and had allwas an error like
>
>2014.07.16 09:50:36 LOG7[15937:0]: Starting certificate verification:
>depth=1, /C=DE/emailAddress=ssladmin at v.de
>2014.07.16 09:50:36 LOG4[15937:0]: CERT: Verification error: self
>signed
>certificate in certificate chain
>2014.07.16 09:50:36 LOG4[15937:0]: Certificate check failed: depth=1,
>/C=DE/emailAddress=ssladmin at v.de
>2014.07.16 09:50:36 LOG7[15937:0]: SSL alert (write): fatal: bad
>certificate
>2014.07.16 09:50:36 LOG3[15937:0]: SSL_accept: 140890B2:
>error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate
>returned
>2014.07.16 09:50:36 LOG5[15937:0]: Connection reset: 0 byte(s) sent to
>SSL, 0 byte(s) sent to socket
>
>
>i had an hard time to find out that CApath is not working anymore.
>I put for test all certificates into a file and used CAfile
>and immediately the connection was established.
>
>Does somebody know why CApath is not working anymore?
>Tested with stunnel 5.02, 4.56, 4.55, 4.54
>
>cheers,
>jordan
>
>
>_______________________________________________
>stunnel-users mailing list
>stunnel-users at stunnel.org
>https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
More information about the stunnel-users
mailing list