<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 2013-10-25 00:33, Thomas Eifert
wrote:<br>
</div>
<blockquote cite="mid:5269A02F.2000406@wi.rr.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
Here's my own test configuration:<br>
<div class="moz-cite-prefix"> <br>
debug = 7<br>
fips = no<br>
delay = yes<br>
output = stunnel.log<br>
<br>
[nntps.6]<br>
client = yes<br>
cafile = peer-nntps.6.pem<br>
verify = 4<br>
accept = 127.0.0.1:119<br>
connect = news80.forteinc.com:443<br>
</div>
</blockquote>
<br>
Now I could reproduce it and the solution was trivial: your news80
host was configured to use a different (older) certificate.<br>
<br>
$ openssl s_client -connect news80.forteinc.com:443 2>/dev/null |
openssl x509 -text<br>
Certificate:<br>
Data:<br>
Version: 3 (0x2)<br>
Serial Number:<br>
2d:d7:04:37:25:9c:07:49:29:e0:1f:f1:8a:2f:24:17<br>
Signature Algorithm: sha1WithRSAEncryption<br>
Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA
Limited, CN=COMODO High-Assurance Secure Server CA<br>
Validity<br>
Not Before: May 2 00:00:00 2011 GMT<br>
Not After : Jul 9 23:59:59 2013 GMT<br>
Subject: C=US/postalCode=92026, ST=California,
L=Escondido/street=2223 Bent Tree Place, O=Forte Internet Software,
Inc., OU=Internet Services, OU=Comodo PremiumSSL Wildcard,
CN=*.forteinc.com<br>
Subject Public Key Info:<br>
Public Key Algorithm: rsaEncryption<br>
Public-Key: (2048 bit)<br>
Modulus:<br>
00:d9:f1:76:45:cd:ce:a4:74:9b:7c:58:c0:72:73:<br>
85:4f:c3:b4:6e:e0:96:7a:3f:e0:32:65:77:0b:34:<br>
0f:e1:4a:28:74:5d:eb:39:7c:68:f0:ee:80:53:c9:<br>
42:56:89:cf:c5:21:ed:fd:ec:02:a4:8c:cf:16:1a:<br>
d1:fb:d0:49:ce:bf:70:73:00:7c:ef:e5:fb:5d:84:<br>
6e:94:b2:42:66:65:5e:ca:a6:89:0a:6a:8f:8c:e8:<br>
0b:4b:d3:22:f2:5d:30:d7:5c:5d:1c:ed:d7:14:c2:<br>
64:3d:96:ed:8b:22:fc:aa:30:2a:39:44:d8:da:34:<br>
73:e8:1b:ea:6a:c5:74:8d:e2:64:a3:91:2c:54:b1:<br>
6e:b6:a7:af:aa:13:eb:89:18:13:fd:1d:6d:78:0c:<br>
6c:c4:f8:e0:54:7c:1f:e7:a0:2e:b7:a8:c5:a3:60:<br>
83:96:99:15:ff:ac:80:bc:1f:a3:72:14:15:a5:2b:<br>
45:f4:c9:49:31:6e:47:39:a3:f7:fd:0e:20:a1:08:<br>
2b:f3:2b:b4:54:22:26:5f:0f:10:4a:29:0e:15:66:<br>
af:3e:70:81:c8:84:7c:db:ce:20:e3:d8:9e:d3:c2:<br>
3d:9b:55:e2:f4:e7:61:3b:12:34:f1:46:f6:08:12:<br>
4c:9a:53:62:48:6e:f7:0b:28:3c:c9:d4:7e:6f:1f:<br>
1a:53<br>
Exponent: 65537 (0x10001)<br>
X509v3 extensions:<br>
X509v3 Authority Key Identifier:<br>
keyid:3F:D5:B5:D0:D6:44:79:50:4A:17:A3:9B:8C:4A:DC:B8:B0:22:64:6B<br>
<br>
X509v3 Subject Key Identifier:<br>
C2:02:C4:6A:CF:E9:3F:BA:CC:51:FA:4C:5C:FA:E4:1C:48:38:49:67<br>
X509v3 Key Usage: critical<br>
Digital Signature, Key Encipherment<br>
X509v3 Basic Constraints: critical<br>
CA:FALSE<br>
X509v3 Extended Key Usage:<br>
TLS Web Server Authentication, TLS Web Client
Authentication<br>
X509v3 Certificate Policies:<br>
Policy: 1.3.6.1.4.1.6449.1.2.1.3.4<br>
CPS: <a class="moz-txt-link-freetext" href="https://secure.comodo.com/CPS">https://secure.comodo.com/CPS</a><br>
<br>
X509v3 CRL Distribution Points:<br>
<br>
Full Name:<br>
URI:<a class="moz-txt-link-freetext" href="http://crl.comodoca.com/COMODOHigh-AssuranceSecureServerCA.crl">http://crl.comodoca.com/COMODOHigh-AssuranceSecureServerCA.crl</a><br>
<br>
Authority Information Access:<br>
CA Issuers -
URI:<a class="moz-txt-link-freetext" href="http://crt.comodoca.com/COMODOHigh-AssuranceSecureServerCA.crt">http://crt.comodoca.com/COMODOHigh-AssuranceSecureServerCA.crt</a><br>
OCSP - URI:<a class="moz-txt-link-freetext" href="http://ocsp.comodoca.com">http://ocsp.comodoca.com</a><br>
<br>
X509v3 Subject Alternative Name:<br>
DNS:*.forteinc.com, DNS:forteinc.com<br>
Signature Algorithm: sha1WithRSAEncryption<br>
a4:a0:d9:21:f9:a7:a0:ae:66:44:fd:34:92:ac:0f:0d:cd:62:<br>
b8:93:ec:bf:dd:0c:4d:77:31:61:3d:ff:71:52:1d:0a:23:fd:<br>
bd:52:96:d4:85:49:7a:b9:81:72:d6:86:e4:d1:5f:c1:a4:fa:<br>
5c:1d:b2:ce:b9:f3:bc:7e:03:5d:ea:84:7a:b4:2c:26:7f:55:<br>
6d:93:14:3c:3a:a9:34:3a:af:a8:98:8e:7b:a8:db:f0:89:5d:<br>
f5:5d:3d:e1:da:c2:f3:21:d1:be:e4:02:c4:83:c2:a2:d4:57:<br>
61:e0:38:b2:0c:c6:e4:2c:de:12:ac:f9:c8:22:e2:6f:4d:44:<br>
21:64:5f:10:c4:1a:58:6e:76:75:dd:e4:87:99:25:45:6b:73:<br>
4c:ee:39:d5:88:a6:35:5b:92:3d:12:66:c4:26:fa:e8:74:bd:<br>
54:44:a8:01:b7:a0:49:2f:8b:52:cc:60:91:47:f1:23:9f:3d:<br>
e8:f4:8e:bc:46:2e:71:60:34:7d:13:80:79:e0:46:a3:e6:bf:<br>
bf:d2:f1:3b:fb:5c:45:33:b7:c3:40:69:9a:b8:0c:06:90:1c:<br>
53:d9:46:b7:05:e5:d8:b7:de:7f:e2:33:1f:b7:e5:67:4a:0a:<br>
7e:8d:0e:d4:5a:03:b6:58:15:50:42:ba:92:3e:a1:00:91:1a:<br>
5e:70:c3:2b<br>
-----BEGIN CERTIFICATE-----<br>
MIIFxDCCBKygAwIBAgIQLdcENyWcB0kp4B/xii8kFzANBgkqhkiG9w0BAQUFADCB<br>
iTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G<br>
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxLzAtBgNV<br>
BAMTJkNPTU9ETyBIaWdoLUFzc3VyYW5jZSBTZWN1cmUgU2VydmVyIENBMB4XDTEx<br>
MDUwMjAwMDAwMFoXDTEzMDcwOTIzNTk1OVowgecxCzAJBgNVBAYTAlVTMQ4wDAYD<br>
VQQREwU5MjAyNjETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJRXNjb25k<br>
aWRvMR0wGwYDVQQJExQyMjIzIEJlbnQgVHJlZSBQbGFjZTEmMCQGA1UEChMdRm9y<br>
dGUgSW50ZXJuZXQgU29mdHdhcmUsIEluYy4xGjAYBgNVBAsTEUludGVybmV0IFNl<br>
cnZpY2VzMSMwIQYDVQQLExpDb21vZG8gUHJlbWl1bVNTTCBXaWxkY2FyZDEXMBUG<br>
A1UEAxQOKi5mb3J0ZWluYy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK<br>
AoIBAQDZ8XZFzc6kdJt8WMByc4VPw7Ru4JZ6P+AyZXcLNA/hSih0Xes5fGjw7oBT<br>
yUJWic/FIe397AKkjM8WGtH70EnOv3BzAHzv5ftdhG6UskJmZV7KpokKao+M6AtL<br>
0yLyXTDXXF0c7dcUwmQ9lu2LIvyqMCo5RNjaNHPoG+pqxXSN4mSjkSxUsW62p6+q<br>
E+uJGBP9HW14DGzE+OBUfB/noC63qMWjYIOWmRX/rIC8H6NyFBWlK0X0yUkxbkc5<br>
o/f9DiChCCvzK7RUIiZfDxBKKQ4VZq8+cIHIhHzbziDj2J7Twj2bVeL052E7EjTx<br>
RvYIEkyaU2JIbvcLKDzJ1H5vHxpTAgMBAAGjggHGMIIBwjAfBgNVHSMEGDAWgBQ/<br>
1bXQ1kR5UEoXo5uMSty4sCJkazAdBgNVHQ4EFgQUwgLEas/pP7rMUfpMXPrkHEg4<br>
SWcwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYB<br>
BQUHAwEGCCsGAQUFBwMCMEYGA1UdIAQ/MD0wOwYMKwYBBAGyMQECAQMEMCswKQYI<br>
KwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTME8GA1UdHwRI<br>
MEYwRKBCoECGPmh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET0hpZ2gtQXNz<br>
dXJhbmNlU2VjdXJlU2VydmVyQ0EuY3JsMIGABggrBgEFBQcBAQR0MHIwSgYIKwYB<br>
BQUHMAKGPmh0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET0hpZ2gtQXNzdXJh<br>
bmNlU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5j<br>
b21vZG9jYS5jb20wJwYDVR0RBCAwHoIOKi5mb3J0ZWluYy5jb22CDGZvcnRlaW5j<br>
LmNvbTANBgkqhkiG9w0BAQUFAAOCAQEApKDZIfmnoK5mRP00kqwPDc1iuJPsv90M<br>
TXcxYT3/cVIdCiP9vVKW1IVJermBctaG5NFfwaT6XB2yzrnzvH4DXeqEerQsJn9V<br>
bZMUPDqpNDqvqJiOe6jb8Ild9V094drC8yHRvuQCxIPCotRXYeA4sgzG5CzeEqz5<br>
yCLib01EIWRfEMQaWG52dd3kh5klRWtzTO451YimNVuSPRJmxCb66HS9VESoAbeg<br>
SS+LUsxgkUfxI5896PSOvEYucWA0fROAeeBGo+a/v9LxO/tcRTO3w0BpmrgMBpAc<br>
U9lGtwXl2Lfef+IzH7flZ0oKfo0O1FoDtlgVUEK6kj6hAJEaXnDDKw==<br>
-----END CERTIFICATE-----<br>
<br>
Mike<br>
</body>
</html>