[stunnel-users] MS Outlook verify = 2 using problem

FFT` fft at ua.fm
Wed Dec 5 14:01:04 CET 2007


Good Day!
I'm using Stunnel 4.21 on i686-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 
2007 (Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6)
on a Fedora-like Linux server.

stunnel.conf contains:
_______________________________________________________________________________
cert = /usr/local/etc/stunnel/server.crt
key = /usr/local/etc/stunnel/server.pem

; Protocol version (all, SSLv2, SSLv3, TLSv1)
;sslVersion = SSLv3

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /usr/local/var/stunnel/
setuid = nobody
setgid = nobody
; PID is created inside chroot jail
pid = /stunnel.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath =/usr/local/etc/stunnel/certs
; It's often easier to use CAfile
CAfile = /usr/local/etc/stunnel/ca.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /usr/local/etc/stunnel/crl.pem

; Some debugging stuff useful for troubleshooting
debug = 7
output = stunnel.log

; Service-level configuration

[pop3s]
accept  = 995
connect = 110
________________________________________________________________________


The PKI consists of:

ROOT_CA
          CA
                MAIL_CON_CA
                          SERVER
                          CLIENT



server.crt - Server certificate in PEM Format;
server.pem - Server key in PEM format with no password;
ca.pem  - ROOT_CA, CA, MAIL_CON_CA certificates in PEM format.


When I use the MS Outlook mail client, there is a PROBLEM with 
connections to SERVER:995


stunnel.log contains:
______________________________________________
2007.12.05 14:57:39 LOG5[16668:1074107776]: stunnel 4.21 on 
i686-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
2007.12.05 14:57:39 LOG5[16668:1074107776]: Threading:PTHREAD SSL:ENGINE 
Sockets:POLL,IPv6
2007.12.05 14:57:39 LOG6[16668:1074107776]: file ulimit = 1024 (can be 
changed with 'ulimit -n')
2007.12.05 14:57:39 LOG6[16668:1074107776]: poll() used - no FD_SETSIZE 
limit for file descriptors
2007.12.05 14:57:39 LOG5[16668:1074107776]: 500 clients allowed
2007.12.05 14:57:39 LOG7[16668:1074107776]: FD 6 in non-blocking mode
2007.12.05 14:57:39 LOG7[16668:1074107776]: FD 8 in non-blocking mode
2007.12.05 14:57:39 LOG7[16668:1074107776]: FD 9 in non-blocking mode
2007.12.05 14:57:39 LOG7[16668:1074107776]: SO_REUSEADDR option set on 
accept socket
2007.12.05 14:57:39 LOG7[16668:1074107776]: pop3s bound to 0.0.0.0:995
2007.12.05 14:57:39 LOG7[16669:1074107776]: Created pid file /stunnel.pid
2007.12.05 14:57:48 LOG7[16669:1074107776]: pop3s accepted FD=10 from 
192.168.1.205:2129
2007.12.05 14:57:48 LOG7[16669:1074228016]: pop3s started
2007.12.05 14:57:48 LOG7[16669:1074228016]: FD 10 in non-blocking mode
2007.12.05 14:57:48 LOG7[16669:1074228016]: TCP_NODELAY option set on 
local socket
2007.12.05 14:57:48 LOG5[16669:1074228016]: pop3s accepted connection 
from 192.168.1.205:2129
2007.12.05 14:57:48 LOG7[16669:1074228016]: SSL state (accept): 
before/accept initialization
2007.12.05 14:57:48 LOG7[16669:1074228016]: SSL state (accept): SSLv3 
read client hello A
2007.12.05 14:57:48 LOG7[16669:1074228016]: SSL state (accept): SSLv3 
write server hello A
2007.12.05 14:57:48 LOG7[16669:1074228016]: SSL state (accept): SSLv3 
write certificate A
2007.12.05 14:57:48 LOG7[16669:1074228016]: SSL state (accept): SSLv3 
write certificate request A
2007.12.05 14:57:48 LOG7[16669:1074228016]: SSL state (accept): SSLv3 
flush data
2007.12.05 14:57:48 LOG7[16669:1074228016]: SSL alert (write): fatal: 
handshake failure
2007.12.05 14:57:48 LOG3[16669:1074228016]: SSL_accept: 140890C7: 
error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not 
return a certificate
2007.12.05 14:57:48 LOG5[16669:1074228016]: Connection reset: 0 bytes 
sent to SSL, 0 bytes sent to socket
2007.12.05 14:57:48 LOG7[16669:1074228016]: pop3s finished (0 left)
______________________________________________


I loaded all the server, CA, and client certificates in SYSTEM, but
there is NO connection.

Please help me with using Stunnel and Outlook.
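
A triage sketch for the log above, added here as an example (it is not part of the original post or of stunnel): it rejoins the mail-wrapped log records, groups them by thread id, and flags sessions where stunnel sent a certificate request (verify = 2) and the peer returned no certificate. The function names and verdict strings are assumptions; the record layout is inferred from the log lines in the post, which are reused as sample input.

```python
import re
from collections import defaultdict

# Sample input: excerpt of the log in the post, still wrapped as the mail client left it.
SAMPLE = """\
2007.12.05 14:57:39 LOG7[16668:1074107776]: pop3s bound to 0.0.0.0:995
2007.12.05 14:57:48 LOG5[16669:1074228016]: pop3s accepted connection 
from 192.168.1.205:2129
2007.12.05 14:57:48 LOG7[16669:1074228016]: SSL state (accept): SSLv3 
write certificate request A
2007.12.05 14:57:48 LOG7[16669:1074228016]: SSL alert (write): fatal: 
handshake failure
2007.12.05 14:57:48 LOG3[16669:1074228016]: SSL_accept: 140890C7: 
error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not 
return a certificate
"""
# Record header as seen in the sample: timestamp LOG<level>[pid:thread]: message
HEAD = re.compile(r"^\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG(\d)\[\d+:(\d+)\]: (.*)$")

def unwrap(text):
    """Rejoin records whose tail was wrapped onto continuation lines."""
    records = []
    for line in text.splitlines():
        if HEAD.match(line):
            records.append(line.rstrip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def classify(text):
    """Map each thread id to (verdict, peer address or None)."""
    threads = defaultdict(list)
    for rec in unwrap(text):
        level, tid, msg = HEAD.match(rec).groups()
        threads[tid].append((int(level), msg))
    verdicts = {}
    for tid, events in threads.items():
        msgs = [msg for _, msg in events]
        peer = next((m.split(" from ", 1)[1] for m in msgs
                     if "accepted connection from" in m), None)
        requested = any("write certificate request" in m for m in msgs)
        missing = any("peer did not return a certificate" in m for m in msgs)
        if requested and missing:
            verdicts[tid] = ("client sent no certificate", peer)
        elif any(level <= 3 for level, _ in events):  # LOG3 or lower: error
            verdicts[tid] = ("other error", peer)
        else:
            verdicts[tid] = ("no error logged", peer)
    return verdicts
```

Calling classify() on the full stunnel.log text gives one verdict per connection thread, which separates clients that never presented a certificate from sessions that failed for another reason.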
