[stunnel-users] stunnel-users Digest, Vol 34, Issue 4

GNUtoo at no-log.org GNUtoo at no-log.org
Tue May 15 18:42:46 CEST 2007


>> In Cygwin I have the following errors:
>> $  openssl req -new -x509 -days 365 -nodes -config
>> /etc/stunnel/stunnel.conf -out stunnel.pem -keyout stunnel.pem
>> Generating a 512 bit RSA private key
>> ..++++++++++++
>> .....++++++++++++
>> writing new private key to 'stunnel.pem'
>> -----
>> unable to find 'distinguished_name' in config
>> problems making Certificate Request
>> 1988:error:0E06D06C:configuration file routines:NCONF_get_string:no
>> value:conf_lib.c:329:group=req name=distinguished_name
>>
>> $  /usr/bin/stunnel.exe
>> 2007.05.13 22:37:12 LOG4[2188:6422536]: Wrong permissions on
>> /etc/stunnel/mail.pem
>> 2007.05.13 22:37:12 LOG3[2188:6422536]: Error reading certificate file:
>> /etc/stunnel/stunnel.pem
>> 2007.05.13 22:37:12 LOG3[2188:6422536]: error stack: 140DC009 :
>> error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
>> 2007.05.13 22:37:12 LOG3[2188:6422536]:
>> SSL_CTX_use_certificate_chain_file: 906D06C: error:0906D06C:PEM
>> routines:PEM_read_bio:no start line
>>
>> and I ran all as Administrator
>
> Can you please post your /etc/stunnel/stunnel.conf, and also the results
> of
> 'ls -al /etc/stunnel'.  Thanks, Andrew.
>
$ ls -al /etc/stunnel/
total 6
drwx------+  2 FC1           Users      0 May 13 22:37 .
drwx------+ 11 FC1           Users      0 May 13 21:56 ..
lrwxrwxrwx   1 Administrator Nessuno   11 May 13 22:37 mail.pem -> stunnel.pem
-rwx------   1 Administrator Nessuno 1578 May 13 22:36 stunnel.conf
-rwx------+  1 FC1           Users   1533 May 13 22:13 stunnel.conf-sample
-rw-r--r--   1 Administrator Nessuno  497 May 13 22:36 stunnel.pem


$ cat /etc/stunnel/stunnel.conf
#; Sample stunnel configuration file by Michal Trojnara 2002-2006
#; Some options used here may not be adequate for your particular configuration
#; Please make sure you understand them (especially the effect of chroot jail)

#; Certificate/key is needed in server mode and optional in client mode
#;cert = /etc/stunnel/mail.pem
key = /etc/stunnel/mail.pem

#; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3

#; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel/
setuid = nobody
setgid = nobody
#; PID is created inside chroot jail
pid = /stunnel.pid

#; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
#;compression = rle

#; Workaround for Eudora bug
#;options = DONT_INSERT_EMPTY_FRAGMENTS

#; Authentication stuff
#;verify = 2
#; Don't forget to c_rehash CApath
#; CApath is located inside chroot jail
#;CApath = /certs
#; It's often easier to use CAfile
#;CAfile = /etc/stunnel/certs.pem
#; Don't forget to c_rehash CRLpath
#; CRLpath is located inside chroot jail
#;CRLpath = /crls
#; Alternatively you can use CRLfile
#;CRLfile = /etc/stunnel/crls.pem

#; Some debugging stuff useful for troubleshooting
#;debug = 7
#;output = stunnel.log

#; Use it for client mode
#;client = yes

#; Service-level configuration

#;[pop3s]
#;accept  = 995
#;connect = 110

#;[imaps]
#;accept  = 993
#;connect = 143

#;[ssmtp]
#;accept  = 465
#;connect = 25

#;[https]
##;accept  = 443
#;connect = 80
#;TIMEOUTclose = 0

#; vim:ft=dosini

[vnc]
accept = 127.0.0.1:5500
connect = 192.168.1.107:443
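
Added example, not part of the original post: a pre-flight check for the two conditions the stunnel log above reports ("Wrong permissions" and "PEM_read_bio:no start line") on a combined certificate+key file. The function name `check_pem`, the finding codes and the rule that any group/other access bit is too open are assumptions of this sketch; it inspects PEM block labels only and does not validate their contents.

```python
import os
import re
import stat
import tempfile

# Opening line of a PEM block; the capture group is the block label.
BEGIN_RE = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

def check_pem(path):
    """Return sorted finding codes for a combined certificate+key PEM file."""
    findings = set()
    # os.stat follows symlinks, so a link such as mail.pem -> stunnel.pem
    # is judged by the mode of its target.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # assumption: any group/other access bit counts as too open
        findings.add("loose-permissions")
    with open(path, "r", errors="replace") as fh:
        labels = BEGIN_RE.findall(fh.read())
    # "CERTIFICATE REQUEST" does not end in CERTIFICATE, so a CSR is not accepted.
    if not any(label.endswith("CERTIFICATE") for label in labels):
        findings.add("no-certificate")
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        findings.add("no-private-key")
    return sorted(findings)

# Constructed sample blocks: placeholder bodies, not real key material.
KEY_BLOCK = "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n"
CERT_BLOCK = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"

def demo():
    """Check a key-only, world-readable file, then a corrected one."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "stunnel.pem")
        with open(path, "w") as fh:
            fh.write(KEY_BLOCK)    # key written, certificate step failed
        os.chmod(path, 0o644)      # same mode as -rw-r--r-- in the listing
        before = check_pem(path)
        with open(path, "a") as fh:
            fh.write(CERT_BLOCK)   # certificate block now present
        os.chmod(path, 0o600)      # owner-only access
        after = check_pem(path)
    return before, after

if __name__ == "__main__":
    print(demo())
```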






