[stunnel-users] STunnel nCipher openssl chil problems

Marc Phillips rmarc at copacetic.net
Thu Aug 6 18:10:14 CEST 2015


Has anyone managed to get STunnel to work with nCipher using the chil engine?

STunnel appears to load the engine just fine, but fails when loading the key:

[ ] Enabling support for engine "chil"
[ ] Initializing engine #1 (chil)
[ ] Engine #1 (chil) initialized
[.] FIPS mode disabled
[ ] Compression disabled
[ ] PRNG seeded successfully
[ ] Initializing service [https-server]
[ ] Loading certificate from file: /usr/local/stunnel/etc/keystores/servercert.crt
[ ] Loading key from engine: /usr/local/stunnel/etc/keystores/servercert.key
[!] error queue: 26096080: error:26096080:engine routines:ENGINE_load_private_key:failed loading private key
[!] ENGINE_load_private_key: 80069066: error:80069066:CHIL engine:HWCRHK_LOAD_PRIVKEY:chil error
[!] Service [https-server]: Failed to initialize SSL context

Using openssl directly, the key works fine (both with s_server and s_client).

My stunnel config is pretty simple:

pid = /usr/local/var/log/stunnel.pid
debug = 7
output = /usr/local/var/log/stunnel.log
options = -NO_SSLv3
engine = chil
CApath = /usr/local/etc/cacerts/
[https-server]
engineNum=1
accept  = 4466
connect = 4433
cert=/usr/local/stunnel/etc/keystores/servercert.crt
key=/usr/local/stunnel/etc/keystores/servercert.key

R. Marc


