[stunnel-users] Stunnel 5.57b2 OpenSSL 1.1.1g
Małgorzata Olszówka
Malgorzata.Olszowka at stunnel.org
Tue May 19 14:35:37 CEST 2020
On 19.05.2020 at 08:11, Olaf Brandt wrote:
> [!] error queue: crypto/x509/by_file.c:205: error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib
> [!] error queue: crypto/pem/pem_info.c:196: error:0907400D:PEM routines:PEM_X509_INFO_read_bio:ASN1 lib
> [!] error queue: crypto/asn1/tasn_dec.c:290: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error
> [!] error queue: crypto/asn1/tasn_dec.c:1118: error:0D068066:asn1 encoding routines:asn1_check_tlen:bad object header
> [!] SSL_CTX_load_verify_locations: crypto/asn1/asn1_lib.c:91: error:0D07209B:asn1 encoding routines:ASN1_get_object:too long
> [dns_local]
> sslVersion = TLSv1.3
> client = yes
> accept = localhost:1053
> connect = 185.95.218.42:853
> checkHost = dns.digitale-gesellschaft.ch
> verifyPeer = yes
> CAfile = /etc/stunnel/cf.crt
>
Hello Olaf,
Could you check if only the correct certificate is located in the cf.crt
file?
The error logs suggest that there may be a second corrupted certificate
in this file.
I'm attaching my certificate file to compare. It works for me.
$ cat my_cf.crt
-----BEGIN CERTIFICATE-----
MIIFrjCCBJagAwIBAgISAxYZh2KsvuySe251uKMuuuooMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDA1MTcyMTAwMjJaFw0y
MDA4MTUyMTAwMjJaMCcxJTAjBgNVBAMTHGRucy5kaWdpdGFsZS1nZXNlbGxzY2hh
ZnQuY2gwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAAQNCJFsHfkYG
/OAhVpPEajyIyN++kdbYerf8P4zxuXTswTsrAv4nkx7W06GVMe3HBiYodGB+cFM5
S+VDwoHcUPPXnguHWyzoqOtxvHsEktW+ZroO2J8nKHeffGgvL2Qtiob3z8Y6wRvU
6ZXWwPN38815FkCGztXcvrLGW3z+42iNJWFBqJmz9GJgGb+WMkbv5GrCPQD2RLlj
lFAO+6DhiOt5z7el0SkM1r/urRubjnyUT/haDqdeYudnYZ6Dy6D3Vva87N9NYGr+
CPocrhcFVA+w+B9seMqgmexLBrN5l4jRfsiTzxVrnerS74jaG+gr3Q1u8n7zdWAD
aodkeeYfAgMBAAGjggKvMIICqzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJzjDvTx
YGDsIX3Y1l8Oe/+Q22gBMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyh
MG8GCCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgz
LmxldHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgz
LmxldHNlbmNyeXB0Lm9yZy8wZQYDVR0RBF4wXIIcZG5zLmRpZ2l0YWxlLWdlc2Vs
bHNjaGFmdC5jaIIdZG5zMS5kaWdpdGFsZS1nZXNlbGxzY2hhZnQuY2iCHWRuczIu
ZGlnaXRhbGUtZ2VzZWxsc2NoYWZ0LmNoMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcG
CysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5
cHQub3JnMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYAB7dcG+V9aP/xsMYdIxXH
uuZXfFeUt2ruvGE6GmnTohwAAAFyJKb6LgAABAMARzBFAiA9f1pX485CoCoW/Vmu
ehEZrr6+qlpKsB5mjtYhqDX4ywIhANsGY1QmA3YozQW/CIsblSvSobOsY2rdhOeE
OnCmVDErAHYAb1N2rDHwMRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RMAAAFyJKb6
jAAABAMARzBFAiEA6rwttrFxC851pxWG0sAFSQg4zLnv2h8jUxpfvTEZpQoCICEv
lAhh0KjKP3HTVE3jVlCRUaYBFneerjEuQ+FowM7yMA0GCSqGSIb3DQEBCwUAA4IB
AQCbuCT4MPx3XWeRQMe/WM9kZ3+HM44EGZOYuzXLTrN4wARcSPR0OPJXAjg7hBmq
mzkIHfli9Mev5BdAApl6xST87rHVlbCiWPDbRA9QPJKB6I+BTeHr5IZd0Mgx0jAH
f1ZIZb2gATgZgeSAOCEfrhOWVM2fscuyRwDwi9QNYSmZy3Hu9lOrJ0Uzewz05IVY
p45YjogEDegDGEHmj7XBwZ3aVwqF1xkFT/mPjLVgP2fw2P0QmK3eJYh7Zw+94Xwh
+zWMsiZ43rFUpOmf4EjWGg5gpvYhjLPfIaEMFtSrkzpdlCI0QFt+7+r4oRXWjWmq
QP6ub3ndSUkaiA8VYRkA+EFs
-----END CERTIFICATE-----
Regards,
Małgorzata Olszówka
More information about the stunnel-users
mailing list