Hello, I've tried changing the value of 'verify' to 0 & 1, in both cases I get the following:
2016.05.17 16:40:25 LOG3[285]: SSL_connect: 14090086: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed 2016.05.17 16:40:25 LOG5[285]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket 2016.05.17 16:40:25 LOG4[285]: Possible memory leak at .\crypto\asn1\tasn_new.c:179: 11859 allocations 2016.05.17 16:40:25 LOG4[285]: Possible memory leak at .\crypto\asn1\asn1_lib.c:408: 11241 allocations Best Regards, David. David Faizulaev | PL/SQL Developer | T +972 (3) 767 3026 | M +972 (54) 7314687 Centralized OT Security Management for Distributed SCADA/ICS Networks Please consider the environment before printing this e-mail -----Original Message----- From: stunnel-users [mailto:[email protected]] On Behalf Of Ludolf Holzheid Sent: Tuesday, May 17, 2016 4:45 PM To: [email protected] Subject: Re: [stunnel-users] Configuring Stunnel to work between client and server - possible certificate issue On Tue, 2016-05-17 13:33:31 +0000, David Faizulaev wrote: > Between each certificate block I have the following block: > > Bag Attributes > friendlyName: trustcenterclass2caii > 2.16.840.1.113894.746875.1.1: <Unsupported tag 6> > subject=/C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Class 2 CA/CN=TC > TrustCenter Class 2 CA II issuer=/C=DE/O=TC TrustCenter GmbH/OU=TC > TrustCenter Class 2 CA/CN=TC TrustCenter Class 2 CA II > > possible cause? No, this should be ignored as a comment. But you instructed stunnel to check the peer's certificate against the trusted ones (verify = 2), and the certificate chain the peer presents ends with a certificate not found in the CA file. Ludolf -- Ludolf Holzheid Bihl+Wiedemann GmbH Floßwörthstraße 41 68199 Mannheim, Germany Tel: +49 621 33996-0 Fax: +49 621 3392239 mailto:[email protected] http://www.bihl-wiedemann.de Sitz der Gesellschaft: Mannheim Geschäftsführer: Jochen Bihl, Bernhard Wiedemann Amtsgericht Mannheim, HRB 5796 _______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users _______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
