[stunnel-users] stunnel-users Digest, Vol 34, Issue 5

GNUtoo at no-log.org GNUtoo at no-log.org
Mon May 21 19:50:19 CEST 2007


>
>>> in cygwin i have the following errors:
>>> $  openssl req -new -x509 -days 365 -nodes -config
>>> /etc/stunnel/stunnel.conf -out stunnel.pem -keyout stunnel.pem
>>> Generating a 512 bit RSA private key
>>> ..++++++++++++
>>> .....++++++++++++
>>> writing new private key to 'stunnel.pem'
>>> -----
>>> unable to find 'distinguished_name' in config
>>> problems making Certificate Request
>>> 1988:error:0E06D06C:configuration file routines:NCONF_get_string:no
>>> value:conf_lib.c:329:group=req name=distinguished_name
>>>
>>> $  /usr/bin/stunnel.exe
>>> 2007.05.13 22:37:12 LOG4[2188:6422536]: Wrong permissions on
>>> /etc/stunnel/mail.pem
>>> 2007.05.13 22:37:12 LOG3[2188:6422536]: Error reading certificate file:
>>> /etc/stunnel/stunnel.pem
>>> 2007.05.13 22:37:12 LOG3[2188:6422536]: error stack: 140DC009 :
>>> error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
>>> 2007.05.13 22:37:12 LOG3[2188:6422536]:
>>> SSL_CTX_use_certificate_chain_file: 906D06C: error:0906D06C:PEM
>>> routines:PEM_read_bio:no start line
>>>
>>> and i ran all as Administrator
>>
>> Can you please post your /etc/stunnel/stunnel.conf, and also the results
>> of
>> 'ls -al /etc/stunnel'.  Thanks, Andrew.
>>
> $ ls -al /etc/stunnel/
> total 6
> drwx------+  2 FC1           Users      0 May 13 22:37 .
> drwx------+ 11 FC1           Users      0 May 13 21:56 ..
> lrwxrwxrwx   1 Administrator Nessuno   11 May 13 22:37 mail.pem ->
> stunnel.pem
> -rwx------   1 Administrator Nessuno 1578 May 13 22:36 stunnel.conf
> -rwx------+  1 FC1           Users   1533 May 13 22:13 stunnel.conf-sample
> -rw-r--r--   1 Administrator Nessuno  497 May 13 22:36 stunnel.pem
>
>
> $ cat /etc/stunnel/stunnel.conf
> #; Sample stunnel configuration file by Michal Trojnara 2002-2006
> #; Some options used here may not be adequate for your particular configuration
> #; Please make sure you understand them (especially the effect of chroot jail)
>
> #; Certificate/key is needed in server mode and optional in client mode
> #;cert = /etc/stunnel/mail.pem
> key = /etc/stunnel/mail.pem
>
> #; Protocol version (all, SSLv2, SSLv3, TLSv1)
> sslVersion = SSLv3
>
> #; Some security enhancements for UNIX systems - comment them out on Win32
> chroot = /var/lib/stunnel/
> setuid = nobody
> setgid = nobody
> #; PID is created inside chroot jail
> pid = /stunnel.pid
>
> #; Some performance tunings
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
> #;compression = rle
>
> #; Workaround for Eudora bug
> #;options = DONT_INSERT_EMPTY_FRAGMENTS
>
> #; Authentication stuff
> #;verify = 2
> #; Don't forget to c_rehash CApath
> #; CApath is located inside chroot jail
> #;CApath = /certs
> #; It's often easier to use CAfile
> #;CAfile = /etc/stunnel/certs.pem
> #; Don't forget to c_rehash CRLpath
> #; CRLpath is located inside chroot jail
> #;CRLpath = /crls
> #; Alternatively you can use CRLfile
> #;CRLfile = /etc/stunnel/crls.pem
>
> #; Some debugging stuff useful for troubleshooting
> #;debug = 7
> #;output = stunnel.log
>
> #; Use it for client mode
> #;client = yes
>
> #; Service-level configuration
>
> #;[pop3s]
> #;accept  = 995
> #;connect = 110
>
> #;[imaps]
> #;accept  = 993
> #;connect = 143
>
> #;[ssmtp]
> #;accept  = 465
> #;connect = 25
>
> #;[https]
> ##;accept  = 443
> #;connect = 80
> #;TIMEOUTclose = 0
>
> #; vim:ft=dosini
>
> [vnc]
> accept = 127.0.0.1:5500
> connect = 192.168.1.107:443
Now that I have posted the config file, do I need to post anything else?



