[stunnel-users] First Time Troubles.

me at kilosierracharlie.me me at kilosierracharlie.me
Thu Mar 22 10:50:35 CET 2018

Hello All,

I'm trying to configure STunnel4 on Windows to connect to my VPS 
installed with STunnel, so I can use SSH through a DPI-laden network.

The configuration works if I try at home, or on a mobile data hotspot, 
but if I attempt within the DPI network, it does not work, and provides 
this console output:

2018.03.22 09:30:15 LOG5[main]: stunnel 5.44 on x86-pc-msvc-1500 
2018.03.22 09:30:15 LOG5[main]: Compiled/running with OpenSSL 1.0.2m-fips  2 Nov 2017
2018.03.22 09:30:15 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 
2018.03.22 09:30:15 LOG5[main]: Reading configuration from file 
2018.03.22 09:30:15 LOG5[main]: UTF-8 byte order mark detected
2018.03.22 09:30:15 LOG5[main]: FIPS mode disabled
2018.03.22 09:30:15 LOG5[main]: Configuration successful
2018.03.22 09:30:24 LOG5[0]: Service [ssh] accepted connection from
2018.03.22 09:30:24 LOG5[0]: s_connect: connected
2018.03.22 09:30:24 LOG5[0]: Service [ssh] connected remote server from
2018.03.22 09:30:25 LOG4[0]: CERT: Certificate not found in local 
2018.03.22 09:30:25 LOG4[0]: Rejected by CERT at depth=0: 
2018.03.22 09:30:25 LOG3[0]: SSL_connect: 14090086: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018.03.22 09:30:25 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

This is the configuration I'm using:

client = yes
accept = 443
connect =
CAfile = peer-ssh.pem
verifyPeer = yes

The odd thing is that if I connect using my mobile data, and then 
switch over to filtered internet and try again, it works fine, and adds 
the following lines to the log:

2018.03.22 09:36:46 LOG5[1]: Service [ssh] accepted connection from
2018.03.22 09:36:46 LOG5[1]: s_connect: connected
2018.03.22 09:36:46 LOG5[1]: Service [ssh] connected remote server from
2018.03.22 09:36:46 LOG5[1]: Certificate accepted at depth=0: C=GB, ST=Lincolnshire, L=Horncastle, O=N/A, OU=N/A, emailAddress=webmaster at kilosierracharlie.me

Has anyone got any ideas regarding this issue? It's not mission 
critical, but it's quite annoyingly repetitive!
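
An added example, not part of the original post and not stunnel's own code: a small parser for the stunnel log format quoted above that groups lines by connection id and reports, per connection, whether verifyPeer accepted or rejected the peer and which certificate subject the peer presented. The sample log, its addresses and its subjects are constructed; the function names are hypothetical.

```python
import re

# Constructed sample in the stunnel log format shown in the post. Addresses and
# subjects are placeholders; one record is wrapped as a mail client would wrap it.
SAMPLE = """\
2018.03.22 09:30:24 LOG5[0]: Service [ssh] accepted connection from 192.0.2.10:50000
2018.03.22 09:30:25 LOG4[0]: Rejected by CERT at depth=0: CN=constructed.example
2018.03.22 09:30:25 LOG3[0]: SSL_connect: 14090086: error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
2018.03.22 09:36:46 LOG5[1]: Service [ssh] accepted connection from 192.0.2.10:50001
2018.03.22 09:36:46 LOG5[1]: Certificate accepted at depth=0: CN=pinned.example
"""

LINE = re.compile(r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG(\d)\[(\w+)\]: (.*)$")
VERDICT = re.compile(r"(Rejected by CERT|Certificate accepted) at depth=(\d+): ?(.*)")

def parse(text):
    """Return (timestamp, level, conn_id, message) tuples, joining wrapped lines."""
    records = []
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if m:
            records.append([m.group(1), int(m.group(2)), m.group(3), m.group(4)])
        elif records and raw.strip():
            # No timestamp prefix: continuation of the previous record.
            records[-1][3] += " " + raw.strip()
    return [tuple(r) for r in records]

def verification_summary(text):
    """Map each connection id to its verify verdict, presented subject and errors."""
    out = {}
    for ts, level, conn, msg in parse(text):
        if conn == "main":  # startup lines, not a connection
            continue
        entry = out.setdefault(
            conn, {"first_seen": ts, "verify": "unknown", "subject": None, "errors": []})
        m = VERDICT.match(msg)
        if m and m.group(1).startswith("Rejected"):
            entry["verify"], entry["subject"] = "rejected", m.group(3) or None
        elif m and entry["verify"] != "rejected":  # a rejection is final
            entry["verify"], entry["subject"] = "accepted", m.group(3) or None
        elif not m and level <= 3:  # LOG3 and below are errors
            entry["errors"].append(msg)
    return out

if __name__ == "__main__":
    for conn, e in verification_summary(SAMPLE).items():
        print(conn, e["first_seen"], e["verify"], e["subject"], e["errors"])
```

Comparing the subject on a rejected connection with the subject of the certificate in CAfile shows whether the peer presented the pinned certificate or a different one.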


