[stunnel-users] Configuring Stunnel to work between client and server - possible certificate issue

David Faizulaev David.Faizulaev at nextnine.com
Wed May 18 09:24:52 CEST 2016 

Do you concatenate the self-signed certificate to the current CA?

Best Regards,
David.



David Faizulaev | PL/SQL Developer | T  +972 (3) 767 3026 | M +972 (54) 7314687

Centralized OT Security Management for Distributed SCADA/ICS Networks

 Please consider the environment before printing this e-mail

-----Original Message-----
From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of Ludolf Holzheid
Sent: Tuesday, May 17, 2016 7:01 PM
To: stunnel-users at stunnel.org
Subject: Re: [stunnel-users] Configuring Stunnel to work between client and server - possible certificate issue

On Tue, 2016-05-17 13:50:04 +0000, David Faizulaev wrote:
> Hello,
> 
> I've tried changing the value of 'verify' to 0 & 1, in both cases I get the following:
> 
> 2016.05.17 16:40:25 LOG3[285]: SSL_connect: 14090086: 
> error:14090086:SSL routines:ssl3_get_server_certificate:certificate 
> verify failed
> 2016.05.17 16:40:25 LOG5[285]: Connection reset: 0 byte(s) sent to 
> SSL, 0 byte(s) sent to socket
> 2016.05.17 16:40:25 LOG4[285]: Possible memory leak at 
> .\crypto\asn1\tasn_new.c:179: 11859 allocations
> 2016.05.17 16:40:25 LOG4[285]: Possible memory leak at 
> .\crypto\asn1\asn1_lib.c:408: 11241 allocations

Strange.  I never used verify = 0, but I had the understanding, stunnel should accept a connection even if the peer's certificate can't be verified.

Anyhow, what happens if you add the self-signed certificate presented by the peer to the CA file?

Ludolf

-- 

Ludolf Holzheid
 
Bihl+Wiedemann GmbH
Floßwörthstraße 41
68199 Mannheim, Germany
 
Tel: +49 621 33996-0
Fax: +49 621 3392239
 
mailto:lholzheid at bihl-wiedemann.de
http://www.bihl-wiedemann.de
 
Sitz der Gesellschaft: Mannheim
Geschäftsführer: Jochen Bihl, Bernhard Wiedemann Amtsgericht Mannheim, HRB 5796 _______________________________________________
stunnel-users mailing list
stunnel-users at stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

More information about the stunnel-users mailing list