Do you concatenate the self-signed certificate to the current CA? Best Regards, David.
David Faizulaev | PL/SQL Developer | T +972 (3) 767 3026 | M +972 (54) 7314687 Centralized OT Security Management for Distributed SCADA/ICS Networks Please consider the environment before printing this e-mail -----Original Message----- From: stunnel-users [mailto:[email protected]] On Behalf Of Ludolf Holzheid Sent: Tuesday, May 17, 2016 7:01 PM To: [email protected] Subject: Re: [stunnel-users] Configuring Stunnel to work between client and server - possible certificate issue On Tue, 2016-05-17 13:50:04 +0000, David Faizulaev wrote: > Hello, > > I've tried changing the value of 'verify' to 0 & 1, in both cases I get the > following: > > 2016.05.17 16:40:25 LOG3[285]: SSL_connect: 14090086: > error:14090086:SSL routines:ssl3_get_server_certificate:certificate > verify failed > 2016.05.17 16:40:25 LOG5[285]: Connection reset: 0 byte(s) sent to > SSL, 0 byte(s) sent to socket > 2016.05.17 16:40:25 LOG4[285]: Possible memory leak at > .\crypto\asn1\tasn_new.c:179: 11859 allocations > 2016.05.17 16:40:25 LOG4[285]: Possible memory leak at > .\crypto\asn1\asn1_lib.c:408: 11241 allocations Strange. I never used verify = 0, but I had the understanding, stunnel should accept a connection even if the peer's certificate can't be verified. Anyhow, what happens if you add the self-signed certificate presented by the peer to the CA file? Ludolf -- Ludolf Holzheid Bihl+Wiedemann GmbH Floßwörthstraße 41 68199 Mannheim, Germany Tel: +49 621 33996-0 Fax: +49 621 3392239 mailto:[email protected] http://www.bihl-wiedemann.de Sitz der Gesellschaft: Mannheim Geschäftsführer: Jochen Bihl, Bernhard Wiedemann Amtsgericht Mannheim, HRB 5796 _______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users _______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
