[stunnel-users] certificate authentications

John A. Wallace jw72253 at verizon.net
Tue Jan 17 10:02:58 CET 2012

I have two questions, which I think may be related, regarding how to use the
information from stunnel log.  I use stunnel to connect to an SMTP server on
the internet from my home network, and in particular from my Windows laptop.
My stunnel version is this:


stunnel 4.50 on x86-pc-mingw32-gnu platform

Compiled/running with OpenSSL 0.9.8r-fips 8 Feb 2011


It works well for my purposes, and I can see, by using a program for
monitoring process and network connections, that the connections are now
secured as expected. However, I believe it can be made more secure if I can
utilize the certificate that is offered by the server, but I am not sure how
to make that happen.


In my stunnel log for the connection, I get this message:


Client-mode smtp protocol negotiations started

Client-mode smtp protocol negotiations succeeded

No peer certificate received

SSL connected: new session negotiated

Negotiated ciphers: ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1


My first question is, how should I go about getting that "No peer
certificate received" issue corrected and how do I install it?  Secondly,
when I issue this command at the cmd shell prompt:


               openssl s_client -starttls smtp -connect host.server:port

The output is lengthy and it includes, among other things, clearly what is
identified as a certificate.  I have been told that this is a good
certificate, and one that I should utilize for an authenticated connection.
So, my question is, is this the same certificate that I saw referenced in
the log as the "peer certificate", and how do I go about putting this
certificate where it belongs in my directory? I know how to copy it and save
it as a file, but where do I put it and should it have a special name?  


If someone wants to direct me to the correct instruction for doing this,
that would be fine too.  I am just looking for some pointers for assistance.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20120117/9443afb7/attachment.html>

More information about the stunnel-users mailing list