[stunnel-users] Using Client Authentication

Ravi Gowda sravigowda at gmail.com
Mon Apr 16 16:05:47 CEST 2007


Hi All,

I am trying to set up stunnel as a client to a server which
requires client authentication.

This is a snapshot of my stunnel.conf:


# Sample stunnel configuration file
# Copyright by Michal Trojnara 2002

setuid = nobody
setgid = nobody
output = /etc/stunnel/out
cert = /etc/stunnel/rtca-client.pem
key = /etc/stunnel/rtca-client.ky

# Authentication stuff
verify = 2
# don't forget about c_rehash CApath
# it is located inside chroot jail:
#CApath = /certs
# or simply use CAfile instead:
CAfile = /etc/stunnel/rtca.pem

ciphers = DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:IDEA-CBC-SHA:IDEA-CBC-MD5:RC2-CBC-MD5:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:RC4-64-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-RC4-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5
# Some debugging stuff
debug = 7
output = /etc/stunnel/stunnel.log

# Use it for client mode
client = yes



When I try to connect to the server, I see that stunnel is sending an
empty certificate, which makes my server reject connections.

Can someone please help me out?

Thanks in advance,

Ravi Gowda
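
An added example, not part of the original post and not stunnel's own code: a small Python linter run over a constructed sample modelled on the configuration above. It reports options set more than once, lines that are not `option = value`, client mode with no `cert`, and entries in the `ciphers` list that are export-grade, single-DES, RC2/RC4 or MD5-based. The function names and the sample text are assumptions made for this example.

```python
import re

# Constructed sample modelled on the posted stunnel.conf (cipher list shortened).
SAMPLE_CONF = """\
cert = /etc/stunnel/rtca-client.pem
key = /etc/stunnel/rtca-client.ky
verify = 2
CAfile = /etc/stunnel/rtca.pem
output = /etc/stunnel/out
ciphers = DHE-RSA-AES256-SHA:DES-CBC3-SHA:RC4-MD5:EXP-RC4-MD5:DES-CBC-SHA
debug = 7
output = /etc/stunnel/stunnel.log
client = yes
"""

# Name parts that mark export-grade, RC2/RC4, MD5-MAC or single-DES suites.
WEAK = re.compile(r"(^|-)(EXP\d*|RC4|RC2|MD5)(-|$)|(^|-)DES-CBC-")

def weak_ciphers(cipher_string):
    """Return the suites in a colon-separated cipher list that match WEAK."""
    return [c for c in cipher_string.split(":") if c and WEAK.search(c)]

def lint(text):
    """Return (line_number, message) findings; line 0 means file-level."""
    findings, seen, opts = [], {}, {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("["):
            seen = {}                     # new service section: reset duplicates
            continue
        if "=" not in line:
            findings.append((n, "not an 'option = value' line (wrapped value?)"))
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        if not value:
            findings.append((n, f"'{key}' has an empty value"))
        if key in seen:
            findings.append((n, f"'{key}' already set on line {seen[key]}"))
        seen[key], opts[key] = n, value
        if key == "ciphers":
            findings += [(n, f"weak cipher suite {c}") for c in weak_ciphers(value)]
    if opts.get("client") == "yes" and not opts.get("cert"):
        findings.append((0, "client mode without 'cert': no certificate to present"))
    return findings

if __name__ == "__main__":
    print(*lint(SAMPLE_CONF), sep="\n")
```

The linter only reads the text of the configuration; it does not check that the certificate and key files exist or that the key matches the certificate.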