[stunnel-users] UTF8 BOM in PSKsecrets file

Jakob Hirsch jh at plonk.de
Thu May 17 12:02:24 CEST 2018


I just found out (after a while of troubleshooting) that stunnel does
not handle UTF-8 BOM in the PSKsecrets file, i.e. the BOM is considered
part of the identity (tested with 5.44, 5.45b4 and 5.45b6 on Windows 10
1709). It was a little tricky to figure this out, as the BOM is
apparently filtered out in the logs, e.g. the server just says 'No key
found for PSK identity "client1"'.

Ok, nobody says that this is supported or that you should do it, it just
happens automatically when you click "Edit Configuration" in the Windows
GUI and click "Save as" (out of convenience, because you will already be
in the config directory then), because the sample config has a BOM and
Notepad will also insert a BOM in the new file.

I don't know how much work it would be to handle the BOM correctly or at
least print a warning (didn't look at the code, sorry), a warning in the
manual would probably sufficient, as it could be that I'm the first one
to stumble over this (at least I didn't find anything about it on the net).

Regards (and thanks for this nice piece of software)

More information about the stunnel-users mailing list