[stunnel-users] Configuring Stunnel to work between client and server - possible certificate issue

Ludolf Holzheid lholzheid at bihl-wiedemann.de
Tue May 17 18:01:22 CEST 2016


On Tue, 2016-05-17 13:50:04 +0000, David Faizulaev wrote:
> Hello,
> 
> I've tried changing the value of 'verify' to 0 & 1, in both cases I get the following:
> 
> 2016.05.17 16:40:25 LOG3[285]: SSL_connect: 14090086: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
> 2016.05.17 16:40:25 LOG5[285]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
> 2016.05.17 16:40:25 LOG4[285]: Possible memory leak at .\crypto\asn1\tasn_new.c:179: 11859 allocations
> 2016.05.17 16:40:25 LOG4[285]: Possible memory leak at .\crypto\asn1\asn1_lib.c:408: 11241 allocations

Strange.  I never used verify = 0, but I had the understanding,
stunnel should accept a connection even if the peer's certificate
can't be verified.

Anyhow, what happens if you add the self-signed certificate presented
by the peer to the CA file?

Ludolf

-- 

Ludolf Holzheid
 
Bihl+Wiedemann GmbH
Floßwörthstraße 41
68199 Mannheim, Germany
 
Tel: +49 621 33996-0
Fax: +49 621 3392239
 
mailto:lholzheid at bihl-wiedemann.de
http://www.bihl-wiedemann.de
 
Sitz der Gesellschaft: Mannheim
Geschäftsführer: Jochen Bihl, Bernhard Wiedemann
Amtsgericht Mannheim, HRB 5796


More information about the stunnel-users mailing list