[stunnel-users] Configuring Stunnel to work between client and server - possible certificate issue

David Faizulaev David.Faizulaev at nextnine.com
Tue May 17 16:01:49 CEST 2016


I've tried setting the values to 3 & 4 and I get:

2016.05.17 16:52:51 LOG4[332]: CERT: Pre-verification error: self signed certificate in certificate chain
2016.05.17 16:52:51 LOG4[332]: Rejected by CERT at depth=1: CN=MyCA
2016.05.17 16:52:51 LOG3[332]: SSL_connect: 14090086: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2016.05.17 16:52:51 LOG5[332]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2016.05.17 16:52:51 LOG4[332]: Possible memory leak at .\crypto\asn1\tasn_new.c:179: 23328 allocations
2016.05.17 16:52:51 LOG4[332]: Possible memory leak at .\crypto\asn1\asn1_lib.c:408: 22022 allocations
2016.05.17 16:52:51 LOG4[332]: Possible memory leak at .\crypto\asn1\a_object.c:346: 18299 allocations
2016.05.17 16:52:51 LOG4[332]: Possible memory leak at .\crypto\asn1\a_object.c:315: 18299 allocations
2016.05.17 16:52:51 LOG4[332]: Possible memory leak at .\crypto\asn1\asn1_lib.c:372: 17132 allocations

Best Regards,
David.



David Faizulaev | PL/SQL Developer | T  +972 (3) 767 3026 | M +972 (54) 7314687

Centralized OT Security Management for Distributed SCADA/ICS Networks

 Please consider the environment before printing this e-mail

-----Original Message-----
From: David Faizulaev 
Sent: Tuesday, May 17, 2016 4:48 PM
To: stunnel-users at stunnel.org
Subject: RE: [stunnel-users] Configuring Stunnel to work between client and server - possible certificate issue

Hello,

I've tried changing the value of 'verify' to 0 & 1; in both cases I get the following:

2016.05.17 16:40:25 LOG3[285]: SSL_connect: 14090086: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2016.05.17 16:40:25 LOG5[285]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2016.05.17 16:40:25 LOG4[285]: Possible memory leak at .\crypto\asn1\tasn_new.c:179: 11859 allocations
2016.05.17 16:40:25 LOG4[285]: Possible memory leak at .\crypto\asn1\asn1_lib.c:408: 11241 allocations

Best Regards,
David.




-----Original Message-----
From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of Ludolf Holzheid
Sent: Tuesday, May 17, 2016 4:45 PM
To: stunnel-users at stunnel.org
Subject: Re: [stunnel-users] Configuring Stunnel to work between client and server - possible certificate issue

On Tue, 2016-05-17 13:33:31 +0000, David Faizulaev wrote:
> Between each certificate block I have the following block:
> 
> Bag Attributes
>     friendlyName: trustcenterclass2caii
>     2.16.840.1.113894.746875.1.1: <Unsupported tag 6> 
> subject=/C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Class 2 CA/CN=TC TrustCenter Class 2 CA II
> issuer=/C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Class 2 CA/CN=TC TrustCenter Class 2 CA II
> 
> possible cause?

No, this should be ignored as a comment.

But you instructed stunnel to check the peer's certificate against the trusted ones (verify = 2), and the certificate chain the peer presents ends with a certificate not found in the CA file.

Ludolf

-- 

Ludolf Holzheid
 
Bihl+Wiedemann GmbH
Floßwörthstraße 41
68199 Mannheim, Germany
 
Tel: +49 621 33996-0
Fax: +49 621 3392239
 
mailto:lholzheid at bihl-wiedemann.de
http://www.bihl-wiedemann.de
 
Registered office: Mannheim
Managing directors: Jochen Bihl, Bernhard Wiedemann
Mannheim District Court (Amtsgericht Mannheim), HRB 5796
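
Added example, not part of the thread and not stunnel's own code: a shell check that approximates the chain verification behind "verify = 2" using `openssl verify`. It shows a chain ending in a self-signed CN=MyCA being rejected until that root is in the CA file, and that "Bag Attributes" text between PEM blocks does not affect the result. All certificates, file names and the OtherCA and peer.example names are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: only the CA name MyCA and the "Bag Attributes" layout
# are taken from the thread; every certificate is generated locally.
set -eu

make_pki() {  # $1 = empty work directory
    d=$1
    # Self-signed root that the peer's chain ends in (CN=MyCA, as in the log).
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=MyCA" \
        -keyout "$d/myca.key" -out "$d/myca.pem" 2>/dev/null
    # Unrelated root, standing in for the CAs already present in the CA file.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=OtherCA" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
    # Peer certificate issued by MyCA.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=peer.example" \
        -keyout "$d/peer.key" -out "$d/peer.csr" 2>/dev/null
    openssl x509 -req -in "$d/peer.csr" -CA "$d/myca.pem" -CAkey "$d/myca.key" \
        -CAcreateserial -days 2 -out "$d/peer.pem" 2>/dev/null
    # CA files with PKCS#12-style text lines between the PEM blocks.
    { printf 'Bag Attributes\n    friendlyName: otherca\n'; cat "$d/other.pem"; } \
        > "$d/cafile-missing-root.pem"
    { cat "$d/cafile-missing-root.pem"
      printf 'Bag Attributes\n    friendlyName: myca\n'; cat "$d/myca.pem"; } \
        > "$d/cafile-with-root.pem"
}

# chain_trusted CAFILE LEAF SENT_CHAIN
# Succeeds only if the chain the peer sent (LEAF plus SENT_CHAIN) ends in a
# certificate that is present in CAFILE.
chain_trusted() {
    openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1 | grep -q ': OK$'
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_pki "$work"
for ca in cafile-missing-root.pem cafile-with-root.pem; do
    if chain_trusted "$work/$ca" "$work/peer.pem" "$work/myca.pem"; then
        echo "$ca: chain verifies"
    else
        echo "$ca: chain rejected"
    fi
done
```

Running `openssl verify` by hand with the same arguments prints the reason for the rejection, which for the first CA file is the self-signed certificate in the chain.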