[stunnel-users] what's wrong? error=unable to get local issuer certificate

Carsten Krüger C.Krueger at gmx.org
Tue Dec 29 16:07:10 CET 2009


I think it should work, * should match homie

1. connected with "openssl s_client -connect mail.neroon.com:995", pasted cert to dreamhost.pem

2. used this 
-----------stunnel.conf-------------
debug=7
client = yes

[pop3]
accept = 110
connect = homie.mail.dreamhost.com:995
verify=1
CAfile=c:\temp\dreamhost.pem
-----------stunnel.conf-------------

3. connect to localhost:110, got "unable to get local issuer certificate"

2009.12.29 16:04:25 LOG7[3044:5700]: Snagged 64 random bytes from C:/.rnd
2009.12.29 16:04:25 LOG7[3044:5700]: Wrote 0 new random bytes to C:/.rnd
2009.12.29 16:04:25 LOG7[3044:5700]: RAND_status claims sufficient entropy for the PRNG
2009.12.29 16:04:25 LOG7[3044:5700]: PRNG seeded successfully
2009.12.29 16:04:25 LOG7[3044:5700]: Loaded verify certificates from c:\temp\dreamhost.pem
2009.12.29 16:04:25 LOG7[3044:5700]: Loaded c:\temp\dreamhost.pem revocation lookup file
2009.12.29 16:04:25 LOG7[3044:5700]: SSL context initialized for service pop3
2009.12.29 16:04:25 LOG5[3044:5700]: stunnel 4.29 on x86-pc-mingw32-gnu with OpenSSL 0.9.8l 5 Nov 2009
2009.12.29 16:04:25 LOG5[3044:5700]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6
2009.12.29 16:04:25 LOG5[3044:4320]: No limit detected for the number of clients
2009.12.29 16:04:25 LOG7[3044:4320]: FD 1832 in non-blocking mode
2009.12.29 16:04:25 LOG7[3044:4320]: SO_REUSEADDR option set on accept socket
2009.12.29 16:04:25 LOG7[3044:4320]: pop3 bound to 0.0.0.0:110
2009.12.29 16:04:40 LOG7[3044:4320]: pop3 accepted FD=1808 from 127.0.0.1:3257
2009.12.29 16:04:40 LOG7[3044:4320]: Creating a new thread
2009.12.29 16:04:40 LOG7[3044:4320]: New thread created
2009.12.29 16:04:40 LOG7[3044:2340]: pop3 started
2009.12.29 16:04:40 LOG7[3044:2340]: FD 1808 in non-blocking mode
2009.12.29 16:04:40 LOG5[3044:2340]: pop3 accepted connection from 127.0.0.1:3257
2009.12.29 16:04:40 LOG7[3044:2340]: FD 1768 in non-blocking mode
2009.12.29 16:04:40 LOG6[3044:2340]: connect_blocking: connecting 208.97.132.208:995
2009.12.29 16:04:40 LOG7[3044:2340]: connect_blocking: s_poll_wait 208.97.132.208:995: waiting 10 seconds
2009.12.29 16:04:40 LOG5[3044:2340]: connect_blocking: connected 208.97.132.208:995
2009.12.29 16:04:40 LOG5[3044:2340]: pop3 connected remote server from 192.168.0.2:3258
2009.12.29 16:04:40 LOG7[3044:2340]: Remote FD=1768 initialized
2009.12.29 16:04:40 LOG7[3044:2340]: SSL state (connect): before/connect initialization
2009.12.29 16:04:40 LOG7[3044:2340]: SSL state (connect): SSLv3 write client hello A
2009.12.29 16:04:40 LOG7[3044:2340]: SSL state (connect): SSLv3 read server hello A
2009.12.29 16:04:40 LOG4[3044:2340]: VERIFY ERROR: depth=0, error=unable to get local issuer certificate: /C=US/ST=California/L=Brea/O=Dreamhost.com/OU=Security/CN=*.mail.dreamhost.com/emailAddress=support at dreamhost.com
2009.12.29 16:04:40 LOG7[3044:2340]: SSL alert (write): fatal: bad certificate
2009.12.29 16:04:40 LOG3[3044:2340]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2009.12.29 16:04:40 LOG5[3044:2340]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2009.12.29 16:04:40 LOG7[3044:2340]: pop3 finished (0 left)
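
As an added example (not part of the original post and not stunnel code), a small Python triage of the log above: it extracts the VERIFY ERROR line and reports separately whether the certificate CN covers the `connect` host and whether the OpenSSL error is a chain-building one. The function names are hypothetical, and the embedded log is an excerpt of the post's own output.

```python
import re

# Excerpt of the log in the post, embedded so the example runs offline.
SAMPLE_LOG = """\
2009.12.29 16:04:40 LOG4[3044:2340]: VERIFY ERROR: depth=0, error=unable to get local issuer certificate: /C=US/ST=California/L=Brea/O=Dreamhost.com/OU=Security/CN=*.mail.dreamhost.com/emailAddress=support at dreamhost.com
2009.12.29 16:04:40 LOG3[3044:2340]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
"""

VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+): (/.*)$")

# OpenSSL verify messages meaning "no chain to a trusted CA could be built".
CHAIN_ERRORS = {
    "unable to get local issuer certificate",
    "unable to get issuer certificate",
    "unable to verify the first certificate",
}

def cn_of(dn):
    """Return the CN from an OpenSSL one-line subject (/C=../CN=..)."""
    m = re.search(r"/CN=([^/]+)", dn)
    return m.group(1) if m else None

def wildcard_match(pattern, host):
    """Left-most-label wildcard match: '*' covers exactly one DNS label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def triage(log_text, connect_host):
    """Summarise each VERIFY ERROR line: name mismatch or chain problem?"""
    findings = []
    for line in log_text.splitlines():
        m = VERIFY_RE.search(line)
        if not m:
            continue
        depth, error, subject = int(m.group(1)), m.group(2).strip(), m.group(3)
        cn = cn_of(subject)
        findings.append({
            "depth": depth,          # 0 = the server (leaf) certificate
            "error": error,
            "cn": cn,
            "name_matches": bool(cn) and wildcard_match(cn, connect_host),
            "chain_problem": error in CHAIN_ERRORS,
        })
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "homie.mail.dreamhost.com"))
```

For this log the name comparison succeeds and the error falls in the chain-building group: at depth=0, OpenSSL could not find the issuer of the server certificate among the certificates loaded from CAfile.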
