[stunnel-users] Stunnel for pop3 on solaris 2.6 ( Even more info)

Douglas Phillipson dougp at intermind.net
Wed Jul 6 21:56:57 CEST 2005


If I set "client = no" in stunnels config file I get the following from:


openssl s_client -connect 172.20.12.59:995

CONNECTED(00000003)
depth=0 /C=US/ST=Nevada/L=Las Vegas/O=Bechtel/OU=RSL/CN=test1
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=Nevada/L=Las Vegas/O=Bechtel/OU=RSL/CN=test1
verify return:1
30463:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:


Is a "self signed" Cert OK?  I didn't sign anything though.  Compiling 
stunnel created a cert.  Installing openssl I think created a cert.  Do 
these need to match somehow?  If so how do you do that?  I think I'm 
lost here...

Regards

Doug P


Douglas Phillipson wrote:

 > I have a Solaris 2.6 box and am trying to get pop3 over SSL running. I use:
 >
 > qpopper 4.0.5
 > openssl-0.9.7g
 > stunnel 4.10  compiled with gcc 2.95.3
 >
 > When I compiled stunnel it made a private key and certificate in /usr/local/etc/stunnel/stunnel.pem.
 >
 > Do I need anything else?
 >
 > I have the following configuration:
 >
 > Inetd.conf:
 >
 > pop3 stream tcp nowait root /usr/local/sbin/popper qpopper -S  -t /poplog
 >
 > stunnel.conf:
 >
 > cert = /usr/local/etc/stunnel/stunnel.pem
 > key = /usr/local/etc/stunnel/stunnel.pem
 > debug = 7
 > output = /stunnel.log
 > pid = /stunnel.pid
 > client = yes
 >
 > [pop3s]
 > accept  = 995
 > connect = 110
 >
 > I run stunnel and get the following output:
 >
 > 2005.07.06 11:34:17 LOG5[17873:1]: stunnel 4.10 on sparc-sun-solaris2.6 UCONTEXT+POLL+IPv4 with OpenSSL 0.9.7g 11 Apr 2005
 > 2005.07.06 11:34:18 LOG7[17873:1]: Snagged 64 random bytes from //.rnd
 > 2005.07.06 11:34:18 LOG7[17873:1]: Wrote 1024 new random bytes to //.rnd
 > 2005.07.06 11:34:18 LOG7[17873:1]: RAND_status claims sufficient entropy for the PRNG
 > 2005.07.06 11:34:18 LOG6[17873:1]: PRNG seeded successfully
 > 2005.07.06 11:34:18 LOG7[17873:1]: Certificate: /usr/local/etc/stunnel/stunnel.pem
 > 2005.07.06 11:34:18 LOG7[17873:1]: Key file: /usr/local/etc/stunnel/stunnel.pem
 > 2005.07.06 11:34:18 LOG6[17873:1]: file ulimit = 64 (can be changed with 'ulimit -n')
 > 2005.07.06 11:34:18 LOG6[17873:1]: poll() used - no FD_SETSIZE limit for file descriptors
 > 2005.07.06 11:34:18 LOG5[17873:1]: 29 clients allowed
 > 2005.07.06 11:34:18 LOG7[17873:1]: FD 4 in non-blocking mode
 > 2005.07.06 11:34:18 LOG7[17873:1]: FD 5 in non-blocking mode
 > 2005.07.06 11:34:18 LOG7[17873:1]: FD 6 in non-blocking mode
 > 2005.07.06 11:34:18 LOG7[17873:1]: SO_REUSEADDR option set on accept socket
 > 2005.07.06 11:34:18 LOG7[17873:1]: pop3s bound to 0.0.0.0:995
 > 2005.07.06 11:34:18 LOG7[17874:1]: Created pid file /stunnel.pid
 > 2005.07.06 11:34:18 LOG7[17874:0]: Waiting -1 second(s) for 2 file descriptor(s)
 >
 >
 > I connect via pop3 in thunderbird with ssl and qpopper always says:
 > (null) at localhost (127.0.0.1): -ERR Unknown command: "".
 > I/O error flushing output to client at localhost [127.0.0.1]: Broken pipe (32)
 > (null) at localhost (127.0.0.1): -ERR POP EOF or I/O Error
 >
 > Stunnel says:
 >
 > 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->()
 > 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->(IN)
 > 2005.07.06 11:37:13 LOG7[17884:1]: pop3s accepted FD=0 from 172.20.10.7:45464
 > 2005.07.06 11:37:13 LOG7[17884:1]: Creating a new context
 > 2005.07.06 11:37:13 LOG7[17884:1]: Context 2 created
 > 2005.07.06 11:37:13 LOG7[17884:2]: pop3s started
 > 2005.07.06 11:37:13 LOG7[17884:2]: FD 0 in non-blocking mode
 > 2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on local socket
 > 2005.07.06 11:37:13 LOG5[17884:2]: pop3s connected from 172.20.10.7:45464
 > 2005.07.06 11:37:13 LOG7[17884:2]: FD 1 in non-blocking mode
 > 2005.07.06 11:37:13 LOG7[17884:2]: pop3s connecting 127.0.0.1:110
 > 2005.07.06 11:37:13 LOG7[17884:2]: Remote FD=1 initialized
 > 2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on remote socket
 > 2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): before/connect initialization
 > 2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): SSLv3 write client hello A
 > 2005.07.06 11:37:13 LOG7[17884:0]: Waiting 300 second(s) for 3 file descriptor(s)
 > 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->()
 > 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->()
 > 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 2, FD=1, (IN)->(IN)
 >
 > The mail never gets delivered to either Thunderbird or outlook express.
 > I get a certificate approval request from Thunderbird, which I grant, then nothing.  If I disable ssl in thunderbird the mail gets accepted normally.
 >
 > What might I be doing wrong???
 >
 > Thanks
 >
 > Doug P
 > _______________________________________________
 > stunnel-users mailing list
 > stunnel-users at mirt.net
 > http://stunnel.mirt.net/mailman/listinfo/stunnel-users
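The configuration and debug log quoted above point at one thing a reviewer would check first: the service listens on the TLS port (995) and forwards to the plaintext qpopper port (110), yet the global option is `client = yes`, and every handshake line in the log reads `SSL state (connect)` towards 127.0.0.1:110. In stunnel, `client = yes` means stunnel accepts plaintext and opens TLS towards the `connect` target; `client = no` (the default) means it terminates TLS on the `accept` side and forwards plaintext. The following checker is an added example, not code from the post or from the stunnel project. It parses an stunnel 4.x style configuration, flags a service whose mode contradicts the well-known port pair it bridges, and reads debug-level log lines to confirm which side of the handshake stunnel actually performed. The sample configuration and log lines are the ones from the post, embedded here as constructed test input; the port table is the standard IANA pairing.

```python
"""Lint an stunnel configuration for a client/server mode mismatch.

Added example (not part of the mailing-list post or of stunnel).
Assumed semantics: "client = yes" -> stunnel accepts plaintext and speaks
TLS to the connect target; "client = no" -> stunnel terminates TLS on the
accept side and forwards plaintext to the connect target.
"""
import re
from typing import Dict, Iterable, List, Set, Tuple

# IANA port pairs: plaintext protocol port -> TLS-wrapped port.
PLAIN_TO_TLS = {110: 995, 143: 993, 25: 465, 80: 443}
TLS_TO_PLAIN = {tls: plain for plain, tls in PLAIN_TO_TLS.items()}

# Reproduced from the post (constructed test input for this example).
SAMPLE_CONF = """\
cert = /usr/local/etc/stunnel/stunnel.pem
key = /usr/local/etc/stunnel/stunnel.pem
debug = 7
output = /stunnel.log
pid = /stunnel.pid
client = yes

[pop3s]
accept  = 995
connect = 110
"""

SAMPLE_LOG = [
    "2005.07.06 11:37:13 LOG7[17884:2]: pop3s connecting 127.0.0.1:110",
    "2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): before/connect initialization",
    "2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): SSLv3 write client hello A",
]


def parse_stunnel_conf(text: str) -> Tuple[Dict[str, str], Dict[str, Dict[str, str]]]:
    """Return (global options, {service name: options}); keys lower-cased."""
    global_opts: Dict[str, str] = {}
    services: Dict[str, Dict[str, str]] = {}
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = services.setdefault(section.group(1).strip(), {})
            continue
        if "=" not in line:
            raise ValueError(f"unparseable line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        current[key.lower()] = value
    return global_opts, services


def port_of(endpoint: str) -> int:
    """'995' or '127.0.0.1:110' -> integer port."""
    return int(endpoint.rsplit(":", 1)[-1])


def is_yes(value: str) -> bool:
    return value.strip().lower() in ("yes", "on", "true", "1")


def lint(text: str) -> List[str]:
    """Flag services whose client/server mode contradicts the ports they bridge."""
    global_opts, services = parse_stunnel_conf(text)
    findings: List[str] = []
    for name, opts in services.items():
        # A per-service "client" overrides the global one; default is "no".
        client = is_yes(opts.get("client", global_opts.get("client", "no")))
        if "accept" not in opts or "connect" not in opts:
            findings.append(f"[{name}] missing accept or connect")
            continue
        acc, con = port_of(opts["accept"]), port_of(opts["connect"])
        if client and TLS_TO_PLAIN.get(acc) == con:
            findings.append(
                f"[{name}] client = yes, but accept={acc} is the TLS port and "
                f"connect={con} the plaintext port: stunnel would send a TLS "
                f"ClientHello to a plaintext service; set client = no"
            )
        if not client and PLAIN_TO_TLS.get(acc) == con:
            findings.append(
                f"[{name}] client = no, but accept={acc} is plaintext and "
                f"connect={con} is the TLS port: set client = yes"
            )
    return findings


LOG_STATE = re.compile(r"SSL state \((accept|connect)\)")


def handshake_direction(log_lines: Iterable[str]) -> Set[str]:
    """Sides of the TLS handshake stunnel performed, from debug = 7 log lines."""
    sides: Set[str] = set()
    for line in log_lines:
        match = LOG_STATE.search(line)
        if match:
            sides.add(match.group(1))
    return sides


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF):
        print(finding)
    print("handshake performed as:", sorted(handshake_direction(SAMPLE_LOG)))
```

Run against the post's configuration the checker reports the single `pop3s` finding, and the log reader returns only `connect`, i.e. stunnel was acting as the TLS client towards qpopper rather than as the server that Thunderbird expected. A server-mode stunnel logs `SSL state (accept)` lines instead.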
