I have a very confusing problem with stunnel on Ubuntu.  I have a configuration file that I have used on both Windows and Arch Linux.  In the Arch version, I use a single file holding all the certificates for the partner systems; in the Windows version I use a capath directory.  I have tried both on Ubuntu and I always get the error "tlsv1 alert unknown ca".

The beginning of the stunnel.conf file is below.  Any hints would be appreciated.

Carter


; stunnel.conf, global section (client mode). Both ';' and '#' start comments in this file.
; Local certificate and private key; here both live in the same PEM file.
cert = /etc/stunnel/xxxxxxx.pem
key = /etc/stunnel/xxxxxxx.pem

; FIPS mode disabled
fips = no

# Enable client mode: stunnel connects out to the remote TLS server
client = yes

; Some security enhancements for UNIX systems - comment them out on Win32
; NOTE: all three are commented out below, so stunnel currently runs
; unprivileged-drop-free and without a chroot jail.
#chroot = /var/run/stunnel/
#setuid = stunnel
#setgid = stunnel
; PID file path. Since chroot is disabled above, this path is NOT inside a
; chroot jail (the original comment assumed it was).
pid = /etc/stunnel/stunnel.pid

; Some performance tunings
# Debug and Foreground are for testing
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
# Debug level 5 is currently ACTIVE (not commented out); lower it once the
# CA problem is resolved so the log does not fill up.
debug = 5
# Log file written next to the config; check it for which side sent the
# "unknown ca" alert (an alert is sent by the side whose verification failed).
output = /etc/stunnel/stunnel.log
##foreground = yes

; Disable SSLv3 (the option below names SSLv3, not SSLv2);
; sslVersion = all leaves the protocol version to negotiation.
options = NO_SSLv3
sslVersion = all

; Restrict the cipher suites offered. All suites listed here are CBC suites
; with a SHA-1 MAC; no AES-GCM / SHA-2 suites are included.
Ciphers = ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA

#
# Single-file trust store (disabled here); uncomment to use instead of CAPath
#CAFile = /etc/stunnel/all.pem

# Directory of trusted certificates. NOTE(review): OpenSSL looks certificates
# up in a CApath by hashed filename, so the directory must have been processed
# with `openssl rehash` / `c_rehash`; an unhashed directory finds nothing.
CAPath = /etc/stunnel/capath
#CAPath = @sysconfdir/ssl/certs


# Peer verification. Both directives below are ACTIVE (the old comment about
# uncommenting them is stale).
# verifyChain = no: the peer's certificate chain is not validated against the
# CAs in CAPath/CAFile.
# verifyPeer = yes: the peer's own certificate must itself be present in
# CAPath/CAFile to be accepted.
# NOTE(review): option names appear in mixed case (VerifyPeer, CAPath,
# Ciphers); keep one spelling per option for readability.
verifyChain = no
VerifyPeer = yes

