Mike,

I tried your config.  I had to comment out the foreground and pid statements, as they produced
error messages (I'm running under Win 7).  I also had to change the server address to a valid one,
but in any case it's producing the same error.  Here's the log:

2013.10.24 17:23:28 LOG7[2824:2876]: Service [test_cli] accepted (FD=436) from 127.0.0.1:49487
2013.10.24 17:23:28 LOG7[2824:2876]: Creating a new thread
2013.10.24 17:23:28 LOG7[2824:2876]: New thread created
2013.10.24 17:23:28 LOG7[2824:3420]: Service [test_cli] started
2013.10.24 17:23:28 LOG5[2824:3420]: Service [test_cli] accepted connection from 127.0.0.1:49487
2013.10.24 17:23:28 LOG6[2824:3420]: connect_blocking: connecting 69.16.186.7:443
2013.10.24 17:23:28 LOG7[2824:3420]: connect_blocking: s_poll_wait 69.16.186.7:443: waiting 10 seconds
2013.10.24 17:23:28 LOG5[2824:3420]: connect_blocking: connected 69.16.186.7:443
2013.10.24 17:23:28 LOG5[2824:3420]: Service [test_cli] connected remote server from 192.168.5.9:49488
2013.10.24 17:23:28 LOG7[2824:3420]: Remote socket (FD=608) initialized
2013.10.24 17:23:28 LOG7[2824:3420]: SNI: sending servername: news80.forteinc.com
2013.10.24 17:23:28 LOG7[2824:3420]: SSL state (connect): before/connect initialization
2013.10.24 17:23:28 LOG7[2824:3420]: SSL state (connect): SSLv3 write client hello A
2013.10.24 17:23:29 LOG7[2824:3420]: SSL state (connect): SSLv3 read server hello A
2013.10.24 17:23:29 LOG7[2824:3420]: Starting certificate verification: depth=0, /C=US/ST=California/L=Escondido/O=Forte Internet Software, Inc./OU=IT/CN=*.forteinc.com
2013.10.24 17:23:29 LOG4[2824:3420]: CERT: Verification error: unable to get local issuer certificate
2013.10.24 17:23:29 LOG4[2824:3420]: Certificate check failed: depth=0, /C=US/ST=California/L=Escondido/O=Forte Internet Software, Inc./OU=IT/CN=*.forteinc.com
2013.10.24 17:23:29 LOG7[2824:3420]: SSL alert (write): fatal: unknown CA
2013.10.24 17:23:29 LOG3[2824:3420]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2013.10.24 17:23:29 LOG5[2824:3420]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2013.10.24 17:23:29 LOG7[2824:3420]: Remote socket (FD=608) closed
2013.10.24 17:23:29 LOG7[2824:3420]: Local socket (FD=436) closed
2013.10.24 17:23:29 LOG7[2824:3420]: Service [test_cli] finished (1 left)


Here's my own test configuration:

debug = 7
fips = no
delay = yes
output = stunnel.log

[nntps.6]
client = yes
cafile = peer-nntps.6.pem
verify = 4
accept = 127.0.0.1:119
connect = news80.forteinc.com:443

Regards,

Thomas


On 10/24/2013 4:19 PM, Michal Trojnara wrote:
> On 2013-10-24 23:07, Thomas Eifert wrote:
>> I'm not having your luck.  Out of ten services, I have eight verify =
>> 4's that work as they should, and
>> two that need the CA certificate to be added.
>
> I don't think it's about luck.  I'm pretty sure there is something wrong
> with your configuration.  The one I sent you works fine.  I won't be
> able to diagnose yours, because you didn't send it.  Please try to
> reproduce my setup first.  If it doesn't help solve the problem
> immediately, send me your setup so I can reproduce your error.
>
> BTW: I highly recommend reading:
> http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
>
> Mike



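An added example, not code from either poster or from the stunnel project: a small Python triage script that groups stunnel debug-log lines by thread id and summarises each failed certificate check, run on lines copied from the log in the message above. The function name, field names and regular expressions are assumptions based only on the line layout visible in that log.

```python
import re
from collections import defaultdict

# Lines copied from the log in the message above (one connection, thread 3420).
LOG = """\
2013.10.24 17:23:28 LOG5[2824:3420]: Service [test_cli] accepted connection from 127.0.0.1:49487
2013.10.24 17:23:28 LOG7[2824:3420]: SNI: sending servername: news80.forteinc.com
2013.10.24 17:23:29 LOG7[2824:3420]: Starting certificate verification: depth=0, /C=US/ST=California/L=Escondido/O=Forte Internet Software, Inc./OU=IT/CN=*.forteinc.com
2013.10.24 17:23:29 LOG4[2824:3420]: CERT: Verification error: unable to get local issuer certificate
2013.10.24 17:23:29 LOG4[2824:3420]: Certificate check failed: depth=0, /C=US/ST=California/L=Escondido/O=Forte Internet Software, Inc./OU=IT/CN=*.forteinc.com
2013.10.24 17:23:29 LOG7[2824:3420]: SSL alert (write): fatal: unknown CA
2013.10.24 17:23:29 LOG3[2824:3420]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
"""

# timestamp, level, pid, thread id, message (layout assumed from the log above)
LINE = re.compile(r"^(\S+ \S+) LOG(\d)\[(\d+):(\d+)\]: (.*)$")
FIELDS = {
    "service": re.compile(r"^Service \[([^\]]+)\] accepted connection"),
    "sni": re.compile(r"^SNI: sending servername: (\S+)"),
    "verify_error": re.compile(r"^CERT: Verification error: (.+)"),
    "failed_cert": re.compile(r"^Certificate check failed: (depth=\d+, .+)"),
    "alert": re.compile(r"^SSL alert \(write\): (.+)"),
    "openssl_error": re.compile(r"^SSL_connect: \w+: (error:.+)"),
}

def failed_verifications(text):
    """Group lines by thread id; return one summary per failed certificate check."""
    threads = defaultdict(dict)
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a stunnel log line
        tid, msg = m.group(4), m.group(5)
        for name, pattern in FIELDS.items():
            hit = pattern.match(msg)
            if hit:
                threads[tid].setdefault(name, hit.group(1))
    out = []
    for tid, rec in threads.items():
        if "failed_cert" in rec:
            # maxsplit=1 keeps commas inside the subject ("Software, Inc.") intact
            depth, subject = rec["failed_cert"].split(", ", 1)
            out.append({"thread": tid, "depth": int(depth.split("=")[1]),
                        "subject": subject, **rec})
    return out

if __name__ == "__main__":
    for rec in failed_verifications(LOG):
        print(rec)
```
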