Hello Jesus,

Hum, it is strange, I tested stunnel 3 and it works well with a pem file
containing both private and certificate as specified in stunnel 3
documentation.

Extract from documentation:

--- STUNNEL MAN EXTRACT ---
The order of contents of the .pem file is also important. It should
contain the unencrypted private key first, then a signed certificate
(not certificate request). There should be also empty lines after
certificate and private key. Plaintext certificate information appended
on the top of generated certificate should be discarded. So the file
should look like this:

    -----BEGIN RSA PRIVATE KEY-----
    [encoded key]
    -----END RSA PRIVATE KEY-----
    [empty line]
    -----BEGIN CERTIFICATE-----
    [encoded certificate]
    -----END CERTIFICATE-----
    [empty line]
--- END STUNNEL MAN EXTRACT ---

I tried the method given in /usr/share/doc/stunnel/README.Debian to create a
certificate and it worked fine.

I checked the package but there was no difference with the upstream source;
there is only one patch for stunnel-dsa patch in order to accept DSA keys.

If you have an idea of what can be broken, I will be happy to fix it.

Best Regards.
Julien Lemoine.

* Jesus Climent <[EMAIL PROTECTED]> [2006-01-31 15:30:36 +0100]:
> Package: stunnel
> Version: 2:3.26-3
> Severity: grave
> Justification: renders package unusable
>
> Created a certificate and a key, using
>
> openssl req -new -x509 -days 730 -nodes -out stunnel-cert.pem -keyout stunnel.pem
>
> stunnel 3.25-3 used to work.
> Upgrading to a higher version, I get:
>
> Jan 31 16:21:29 carter stunnel[14541]: Using '25' as tcpwrapper service name
> Jan 31 16:21:29 carter stunnel[14541]: Could not load DH parameters from /etc/ssl/certs/stunnel.pem
> Jan 31 16:21:29 carter stunnel[14541]: Diffie-Hellman initialization failed
> Jan 31 16:21:29 carter stunnel[14541]: Error reading certificate file: /etc/ssl/certs/stunnel.pem
> Jan 31 16:21:29 carter stunnel[14541]: SSL_CTX_use_certificate_chain_file: error:0906D06C:PEM routines:PEM_read_bio:no start line
>
> -7 says that stunnel3 is deprecated, so upgraded to version 4:
>
> Jan 31 16:22:26 carter stunnel: LOG5[14635:46912510151392]: stunnel 4.14 on x86_64-pc-linux-gnu PTHREAD+POLL+IPv6+LIBWRAP with OpenSSL 0.9.8a 11 Oct 2005
> Jan 31 16:22:26 carter stunnel: LOG3[14635:46912510151392]: Error reading certificate file: /etc/ssl/certs/stunnel.pem
> Jan 31 16:22:26 carter stunnel: LOG3[14635:46912510151392]: error stack: 140DC009 : error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
> Jan 31 16:22:26 carter stunnel: LOG3[14635:46912510151392]: SSL_CTX_use_certificate_chain_file: 906D06C: error:0906D06C:PEM routines:PEM_read_bio:no start line
>
> Still, I am unable to run my mail service thru stunnel.
>
> If more help is needed, please, do not hesitate to ask.
>
> -- System Information:
> Debian Release: 3.1
> Architecture: i386 (i686)
> Kernel: Linux 2.6.8-1-386
> Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=locale: Cannot set LC_CTYPE to default locale: No such file or directory
> locale: Cannot set LC_MESSAGES to default locale: No such file or directory
> locale: Cannot set LC_ALL to default locale: No such file or directory
> ANSI_X3.4-1968) (ignored: LC_ALL set to en_ES)
>
> Versions of packages stunnel depends on:
> ii  libc6        2.3.2.ds1-22    GNU C Library: Shared libraries an
> ii  libssl0.9.7  0.9.7e-3sarge1  SSL shared libraries
> ii  libwrap0     7.6.dbs-8       Wietse Venema's TCP wrappers libra
> ii  netbase      4.21            Basic TCP/IP networking system
> ii  openssl      0.9.7e-3sarge1  Secure Socket Layer (SSL) binary a
>
> -- debconf information excluded
>
> --
> Jesus Climent                                      info:www.pumuki.org
> Unix SysAdm|Linux User #66350|Debian Developer|2.6.15|Helsinki Finland
> GPG: 1024D/86946D69 BB64 2339 1CAA 7064 E429 7E18 66FC 1D7F 8694 6D69
>
> It's a soldier's duty. You wouldn't understand.
> --The Colonel (Akira)
>

--
Julien LEMOINE / SpeedBlue
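
The file layout quoted from the stunnel 3 man page above (unencrypted private key first, then the certificate, an empty line after each, no plaintext dump on top) can be checked mechanically before the file is handed to stunnel. The Python checker below is an added example, not part of the original thread or of stunnel; the function name check_stunnel3_pem and the sample inputs (placeholder bodies, no real key material) are constructed for illustration.

```python
import re

# PEM boundary line, e.g. "-----BEGIN RSA PRIVATE KEY-----"
BOUNDARY = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")

def check_stunnel3_pem(text):
    """Return a list of deviations from the key-then-certificate layout."""
    lines = text.splitlines()
    problems, labels, current = [], [], None
    for n, line in enumerate(lines, 1):          # n is the 1-based line number
        m = BOUNDARY.match(line)
        if m and m.group(1) == "BEGIN":
            if current:
                problems.append(f"line {n}: BEGIN inside unterminated {current}")
            current = m.group(2)
            labels.append(current)
        elif m:                                   # an END line
            if m.group(2) != current:
                problems.append(f"line {n}: END {m.group(2)} has no matching BEGIN")
            current = None
            if n >= len(lines) or lines[n].strip():   # lines[n] follows the END line
                problems.append(f"line {n}: no empty line after END {m.group(2)}")
        elif current is None and line.strip():
            problems.append(f"line {n}: plaintext outside a PEM block")
        elif current and line.startswith("Proc-Type:") and "ENCRYPTED" in line:
            problems.append(f"line {n}: private key is encrypted")
    if current:
        problems.append(f"unterminated {current} block")
    if not labels:
        problems.append("no PEM start line found")
        return problems
    if not labels[0].endswith("PRIVATE KEY") or labels[0].startswith("ENCRYPTED"):
        problems.append(f"first block is {labels[0]}, expected unencrypted private key")
    if len(labels) < 2:
        problems.append("no certificate after the private key")
    elif labels[1] != "CERTIFICATE":
        problems.append(f"second block is {labels[1]}, expected CERTIFICATE")
    return problems

# Constructed samples: bodies are placeholders, not real key material.
KEY = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
CERT = "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n"
GOOD = KEY + "\n" + CERT + "\n"
KEY_ONLY = KEY                                    # no certificate in the file
DUMP_FIRST = "Certificate:\n    Data:\n" + CERT + "\n" + KEY + "\n"

if __name__ == "__main__":
    for name, sample in [("GOOD", GOOD), ("KEY_ONLY", KEY_ONLY), ("DUMP_FIRST", DUMP_FIRST)]:
        print(name, check_stunnel3_pem(sample) or "ok")
```

The checker looks only at block order and spacing; it does not decode the base64 bodies or verify that the key matches the certificate.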