[stunnel-users] Configuring Stunnel to work between client and server - possible certificate issue
David Faizulaev
David.Faizulaev at nextnine.com
Wed May 18 09:24:52 CEST 2016
Do you concatenate the self-signed certificate to the current CA?
Best Regards,
David.
David Faizulaev | PL/SQL Developer | T +972 (3) 767 3026 | M +972 (54) 7314687
-----Original Message-----
From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of Ludolf Holzheid
Sent: Tuesday, May 17, 2016 7:01 PM
To: stunnel-users at stunnel.org
Subject: Re: [stunnel-users] Configuring Stunnel to work between client and server - possible certificate issue
On Tue, 2016-05-17 13:50:04 +0000, David Faizulaev wrote:
> Hello,
>
> I've tried changing the value of 'verify' to 0 & 1; in both cases I get the following:
>
> 2016.05.17 16:40:25 LOG3[285]: SSL_connect: 14090086: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
> 2016.05.17 16:40:25 LOG5[285]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
> 2016.05.17 16:40:25 LOG4[285]: Possible memory leak at .\crypto\asn1\tasn_new.c:179: 11859 allocations
> 2016.05.17 16:40:25 LOG4[285]: Possible memory leak at .\crypto\asn1\asn1_lib.c:408: 11241 allocations
Strange. I never used verify = 0, but I had the understanding that stunnel should accept a connection even if the peer's certificate can't be verified.
Anyhow, what happens if you add the self-signed certificate presented by the peer to the CA file?
Ludolf
--
Ludolf Holzheid
Bihl+Wiedemann GmbH
Floßwörthstraße 41
68199 Mannheim, Germany
Tel: +49 621 33996-0
Fax: +49 621 3392239
mailto:lholzheid at bihl-wiedemann.de
http://www.bihl-wiedemann.de
Registered office: Mannheim
Managing directors: Jochen Bihl, Bernhard Wiedemann
Mannheim District Court, HRB 5796