[stunnel-users] STunnel nCipher openssl chil problems
Marc Phillips
rmarc at copacetic.net
Thu Aug 6 18:10:14 CEST 2015
Has anyone managed to get STunnel to work with nCipher using the chil engine?
STunnel appears to load the engine just fine, but fails when loading the key:

[ ] Enabling support for engine "chil"
[ ] Initializing engine #1 (chil)
[ ] Engine #1 (chil) initialized
[.] FIPS mode disabled
[ ] Compression disabled
[ ] PRNG seeded successfully
[ ] Initializing service [https-server]
[ ] Loading certificate from file: /usr/local/stunnel/etc/keystores/servercert.crt
[ ] Loading key from engine: /usr/local/stunnel/etc/keystores/servercert.key
[!] error queue: 26096080: error:26096080:engine routines:ENGINE_load_private_key:failed loading private key
[!] ENGINE_load_private_key: 80069066: error:80069066:CHIL engine:HWCRHK_LOAD_PRIVKEY:chil error
[!] Service [https-server]: Failed to initialize SSL context

Using openssl directly, the key works fine (both with s_server and s_client).

My stunnel config is pretty simple:

pid = /usr/local/var/log/stunnel.pid
debug = 7
output = /usr/local/var/log/stunnel.log
options = -NO_SSLv3
engine = chil
CApath = /usr/local/etc/cacerts/
[https-server]
engineNum=1
accept = 4466
connect = 4433
cert=/usr/local/stunnel/etc/keystores/servercert.crt
key=/usr/local/stunnel/etc/keystores/servercert.key
R. Marc