Hello Delian,
In my opinion this is not a problem of stunnel4. The version is simply
linked with openssl 0.9.8 instead of 0.9.7. So if there is a problem, it
is probably with libssl and not stunnel4.
I reproduced your problem by putting the same file for cert and key
filename.
Stunnel4 works fine with separation of cert and key files:
Extract of configuration:
cert = /etc/stunnel/cert.pem
key = /etc/stunnel/key.pem
Log:
2005.10.24 19:07:23 LOG5[15299:16384]: stunnel 4.11 on i486-pc-linux-gnu PTHREAD+POLL+IPv6+LIBWRAP with OpenSSL 0.9.8a 11 Oct 2005
2005.10.24 19:07:23 LOG5[15299:16384]: 500 clients allowed
So I think libssl 0.9.8 no longer accepts cert and key merged in the
same file.
Best Regards.
Delian Krustev wrote:
Package: stunnel4
Version: 2:4.110-2
Severity: grave
This version of stunnel fails to start on both testing and unstable.
Here's what's in the logs:
Oct 24 14:29:37 deb-off stunnel[4502]: stunnel 4.11 on i486-pc-linux-gnu PTHREAD+POLL+IPv6+LIBWRAP with OpenSSL 0.9.8a 11 Oct 2005
Oct 24 14:29:38 deb-off stunnel[4502]: Snagged 64 random bytes from /root/.rnd
Oct 24 14:29:38 deb-off stunnel[4502]: Wrote 1024 new random bytes to /root/.rnd
Oct 24 14:29:38 deb-off stunnel[4502]: RAND_status claims sufficient entropy for the PRNG
Oct 24 14:29:38 deb-off stunnel[4502]: PRNG seeded successfully
Oct 24 14:29:38 deb-off stunnel[4502]: Error reading certificate file: /etc/ssl/certs/stunnel.pem
Oct 24 14:29:38 deb-off stunnel[4502]: error stack: 25070067 : error:25070067:DSO support routines:DSO_load:could not load the shared library
Oct 24 14:29:38 deb-off stunnel[4502]: SSL_CTX_use_certificate_chain_file: 25066067: error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library
The previous version works ok with the same config and certificate file.
I've downgraded to it and it still works ok.
Here's the config:
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
cert = /etc/ssl/certs/stunnel.pem
key = /etc/ssl/certs/stunnel.pem
setuid = stunnel4
setgid = stunnel4
pid = /var/run/stunnel4/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
[pop3s]
accept = 995
connect = 110
[imaps]
accept = 993
connect = 143
[ssmtp]
accept = 465
connect = 25
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages stunnel4 depends on:
ii adduser 3.73 Add and remove users and groups
ii libc6 2.3.5-7 GNU C Library: Shared libraries an
ii libssl0.9.8 0.9.8a-2 SSL shared libraries
ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra
ii netbase 4.22 Basic TCP/IP networking system
ii openssl 0.9.8a-2 Secure Socket Layer (SSL) binary a
ii perl-modules 5.8.7-7 Core Perl modules
stunnel4 recommends no packages.
-- no debconf information
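
The workaround described in the reply above (separate cert and key files), as an added example that is not part of the original thread: a shell function that splits a combined PEM into a certificate file and an owner-only key file. The name split_pem, the temporary paths and the PEM bodies are constructed for illustration; that a merged file is the cause of the error is the reply author's hypothesis, not something this script verifies.

```shell
#!/bin/sh
# Added example, not from the thread. split_pem and all paths are illustrative.
# Splits a PEM holding both certificate(s) and private key into two files,
# matching the separate cert= / key= settings shown in the reply.
split_pem() {
    combined=$1; cert_out=$2; key_out=$3
    [ -r "$combined" ] || { echo "cannot read $combined" >&2; return 1; }

    # Create the key file owner-only before any key material is written.
    ( umask 077; : > "$key_out" ) && chmod 600 "$key_out" || return 1
    : > "$cert_out" || return 1

    # Route each PEM block by its BEGIN label; text outside blocks is dropped.
    awk -v cert="$cert_out" -v key="$key_out" '
        /^-----BEGIN CERTIFICATE-----/           { out = cert }
        /^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----/ { out = key }
        out != ""                                { print > out }
        /^-----END /                             { out = "" }
    ' "$combined" || return 1

    # Refuse to report success if either half is missing.
    grep -q '^-----BEGIN CERTIFICATE-----' "$cert_out" ||
        { echo "no certificate in $combined" >&2; return 2; }
    grep -q 'PRIVATE KEY-----$' "$key_out" ||
        { echo "no private key in $combined" >&2; return 3; }
}

# Constructed sample: the bodies are placeholder text, not real key material.
demo_dir=$(mktemp -d)
cat > "$demo_dir/stunnel.pem" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQtS0VZ
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0VSVA==
-----END CERTIFICATE-----
EOF
# On success, print the two stunnel.conf lines that point at the split files.
split_pem "$demo_dir/stunnel.pem" "$demo_dir/cert.pem" "$demo_dir/key.pem" &&
    printf 'cert = %s\nkey = %s\n' "$demo_dir/cert.pem" "$demo_dir/key.pem"
```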