[stunnel-users] certificate authentications

John A. Wallace jw72253 at verizon.net
Fri Jan 20 19:51:45 CET 2012

Hello.  I want to repost this because I have heard nothing in response
although it was posted a few days ago.  I am new to using this group and not
certain how long I should expect to wait.  Excuse the reposting if I should
seem impatient, as I do not mean it in that way. But I do want to be sure
that I am posting it correctly too.  Thanks.





From: stunnel-users-bounces at stunnel.org
[mailto:stunnel-users-bounces at stunnel.org] On Behalf Of John A. Wallace
Sent: Tuesday, January 17, 2012 3:03 AM
To: stunnel-users at stunnel.org
Subject: [stunnel-users] certificate authentications
Importance: High


I have two questions, which I think may be related, regarding how to use the
information from the stunnel log.  I use stunnel to connect to an SMTP server on
the internet from my home network, and in particular from my Windows laptop.
My stunnel version is this:


stunnel 4.50 on x86-pc-mingw32-gnu platform
Compiled/running with OpenSSL 0.9.8r-fips 8 Feb 2011


It works well for my purposes, and I can see, by using a program for
monitoring process and network connections, that the connections are now
secured as expected. However, I believe it can be made more secure if I can
utilize the certificate that is offered by the server, but I am not sure how
to make that happen.


In my stunnel log for the connection, I get this message:


Client-mode smtp protocol negotiations started
Client-mode smtp protocol negotiations succeeded
No peer certificate received
SSL connected: new session negotiated
Negotiated ciphers: ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1


My first question is, how should I go about getting that "No peer
certificate received" issue corrected and how do I install it?  Secondly,
when I issue this command at the cmd shell prompt:


               openssl s_client -starttls smtp -connect host.server:port

The output is lengthy and it includes, among other things, clearly what is
identified as a certificate.  I have been told that this is a good
certificate, and one that I should utilize for an authenticated connection.
So, my question is, is this the same certificate that I saw referenced in
the log as the "peer certificate", and how do I go about putting this
certificate where it belongs in my directory? I know how to copy it and save
it as a file, but where do I put it and should it have a special name?  


If someone wants to direct me to the correct instruction for doing this,
that would be fine too.  I am just looking for some pointers for assistance.
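
Added example, not part of the original post: the "Negotiated ciphers" line quoted above reports an anonymous suite (ADH, Au=None), in which the server sends no certificate, consistent with "No peer certificate received". The Python sketch below flags such sessions in a stunnel log; the function name and the second, RSA-authenticated session in the sample are constructed for illustration.

```python
import re

# Constructed sample: the log lines quoted in the post, followed by one
# constructed session that negotiated a certificate-based suite, for contrast.
SAMPLE_LOG = """\
Client-mode smtp protocol negotiations succeeded
No peer certificate received
SSL connected: new session negotiated
Negotiated ciphers: ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
Client-mode smtp protocol negotiations succeeded
SSL connected: new session negotiated
Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
"""

# OpenSSL cipher description: <suite> <protocol> Kx= Au= Enc= Mac=
CIPHER_RE = re.compile(
    r"Negotiated ciphers:\s+(?P<suite>\S+)\s+(?P<proto>\S+)\s+"
    r"Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)\s+Enc=(?P<enc>\S+)\s+Mac=(?P<mac>\S+)"
)

def audit_sessions(log_text):
    """Return one finding per negotiated session (hypothetical helper)."""
    findings = []
    no_peer_cert = False
    for line in log_text.splitlines():
        # search() rather than match() so timestamp/level prefixes are tolerated
        if "No peer certificate received" in line:
            no_peer_cert = True
            continue
        m = CIPHER_RE.search(line)
        if not m:
            continue
        findings.append({
            "suite": m.group("suite"),
            "kx": m.group("kx"),
            "au": m.group("au"),
            "no_peer_cert": no_peer_cert,
            # Au=None means the key exchange proves nothing about the peer.
            # A non-anonymous suite is necessary but not sufficient: whether
            # the certificate is checked depends on stunnel's verify settings.
            "anonymous": m.group("au") == "None" or no_peer_cert,
        })
        no_peer_cert = False  # reset state for the next session
    return findings

if __name__ == "__main__":
    for f in audit_sessions(SAMPLE_LOG):
        status = "ANONYMOUS" if f["anonymous"] else "cert-based"
        print(f"{status:10} {f['suite']} (Kx={f['kx']}, Au={f['au']})")
```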
