[stunnel-users] CApath not working anymore

Jordan Paschalidis jordan.paschalidis at xcom.de
Thu Jul 17 10:17:35 CEST 2014


Hello Michal,

yes, you are right.
I read this sentence a couple of times but I could not relate it to my 
problem.

I have a CentOS 6 installation and wanted a separate openssl.
I installed the stunnel and modified the init-script to contain

SSLPREFIX=/usr/local/openssl
LD_LIBRARY_PATH=$SSLPREFIX/lib:$LD_LIBRARY_PATH
export LD_LIBRARY_PATH

But I didn't realise that this was also needed for c_rehash.


Thanks a lot.


cheers,
jordan


-------- Original Message --------
Subject: Re: [stunnel-users] CApath not working anymore
From: Michal Trojnara <Michal.Trojnara at mirt.net>
To: stunnel-users at stunnel.org
Date: 16.07.2014 18:49

> Hi Jordan,
>
> OpenSSL (AFAIR between versions 0.9.8 and 1.0.0) has changed the format of file names produced with the c_rehash script. You need to c_rehash the directory during the update of OpenSSL.
>
> Mike
>
> On 16 July 2014 16:11:36 CEST, Jordan Paschalidis <jordan.paschalidis at xcom.de> wrote:
>> Hello,
>>
>> I have an existing stunnel installation with CApath.
>> I tried to set up a new stunnel version, and copied all certificates
>> and always had an error like
>>
>> 2014.07.16 09:50:36 LOG7[15937:0]: Starting certificate verification:
>> depth=1, /C=DE/emailAddress=ssladmin at v.de
>> 2014.07.16 09:50:36 LOG4[15937:0]: CERT: Verification error: self
>> signed
>> certificate in certificate chain
>> 2014.07.16 09:50:36 LOG4[15937:0]: Certificate check failed: depth=1,
>> /C=DE/emailAddress=ssladmin at v.de
>> 2014.07.16 09:50:36 LOG7[15937:0]: SSL alert (write): fatal: bad
>> certificate
>> 2014.07.16 09:50:36 LOG3[15937:0]: SSL_accept: 140890B2:
>> error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate
>> returned
>> 2014.07.16 09:50:36 LOG5[15937:0]: Connection reset: 0 byte(s) sent to
>> SSL, 0 byte(s) sent to socket
>>
>>
>> I had a hard time finding out that CApath is not working anymore.
>> As a test, I put all certificates into a file and used CAfile
>> and immediately the connection was established.
>>
>> Does somebody know why CApath is not working anymore?
>> Tested with stunnel 5.02, 4.56, 4.55, 4.54
>>
>> cheers,
>> jordan
>>
>>
>> _______________________________________________
>> stunnel-users mailing list
>> stunnel-users at stunnel.org
>> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>
>
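
As an added example that is not part of the original messages: a bash check of whether a CApath directory is hashed the way the `openssl` binary on PATH expects, to be run with the same PATH and LD_LIBRARY_PATH that stunnel uses. The function names, the temporary directory and the test CA are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). All paths and the test CA are constructed.

# True if some <hash>.<n> entry in directory $1 resolves to certificate $3.
has_link() {
    local link
    for link in "$1/$2".[0-9]*; do
        [ "$link" -ef "$3" ] && return 0
    done
    return 1
}

# Report each *.pem in CApath directory $1; return 1 if the openssl binary
# on PATH would miss any of them when looking certificates up by hash.
audit_capath() {
    local dir=$1 rc=0 cert new old
    for cert in "$dir"/*.pem; do
        [ -f "$cert" ] || continue
        new=$(openssl x509 -noout -subject_hash -in "$cert") || continue
        old=$(openssl x509 -noout -subject_hash_old -in "$cert")
        if has_link "$dir" "$new" "$cert"; then
            echo "OK ${cert##*/} $new.*"
        elif has_link "$dir" "$old" "$cert"; then
            echo "STALE ${cert##*/} has only old-format link $old.*"; rc=1
        else
            echo "NOLINK ${cert##*/}"; rc=1
        fi
    done
    return "$rc"
}

# Build a throwaway CApath holding one self-signed CA linked the pre-1.0.0 way.
make_stale_capath() {
    local dir; dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/C=DE/CN=Constructed Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    ln -s ca.pem "$dir/$(openssl x509 -noout -subject_hash_old -in "$dir/ca.pem").0"
    echo "$dir"
}

# Demo: audit the constructed directory, then clean it up.
if command -v openssl >/dev/null; then
    d=$(make_stale_capath) && { audit_capath "$d"; rm -rf "$d"; }
fi
```

A STALE line means the directory was hashed by an older OpenSSL and needs c_rehash run from the OpenSSL build that stunnel is linked against.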


