
[stunnel-users] SSL Error


Randall LeJeune

Jun 14, 2016, 9:42:54 AM

Hello. I am getting the following error when I try to run stunnel:

[root@doadmzqas stunnel]# stunnel
[ ] Clients allowed=31999
[.] stunnel 5.17 on powerpc-ibm-aix5.2.0.0 platform
[.] Compiled/running with OpenSSL 1.0.1s  1 Mar 2016
[.] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
[ ] errno: (*_Errno())
[.] Reading configuration from file /opt/freeware/etc/stunnel/stunnel.conf
[.] UTF-8 byte order mark not detected
[.] FIPS mode disabled
[ ] Compression disabled
[ ] Snagged 64 random bytes from /home/root/.rnd
[ ] Wrote 1024 new random bytes to /home/root/.rnd
[ ] PRNG seeded successfully
[ ] Initializing service [sapdp3202]
[ ] Loading certificate from file: /opt/freeware/etc/stunnel/stunnel.pem
[!] error queue: 140DC002: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
[!] error queue: 20074002: error:20074002:BIO routines:FILE_CTRL:system lib
[!] SSL_CTX_use_certificate_chain_file: 2001002: error:02001002:system library:fopen:No such file or directory
[!] Service [sapdp3202]: Failed to initialize SSL context

The version is 5.17 as you can see above. My config file looks like this:

; Log file (enable for troubleshooting)
output = /var/log/stunnel.log

; SSL Certificate and key files
cert = /opt/freeware/etc/stunnel/stunnel.pem
key = /opt/freeware/etc/stunnel/stunnel.key

; Restrict to FIPS compliant ciphers only
ciphers = FIPS

; Force the SSL version to TLSv1 only
sslVersion = TLSv1

; The cipher list and SSL version restrictions above should make us
; _de_facto_ FIPS compliant; our OpenSSL library is *not* FIPS
; compliant, so this cannot be set to 'yes'
fips = no

[sapdp3202]
client = yes
accept = 127.0.0.1:3202
connect = doaprdssl.dot.com.gov:4709

The OS is AIX version 7. Does anybody have any idea what this means?

Thanks in advance.

Małgorzata Olszówka

Jun 14, 2016, 11:28:59 AM
Hi!
Where have you got the certificate and key files?
Maybe cert = /etc/stunnel/stunnel.pem etc...

Regards.


_______________________________________________
stunnel-users mailing list
stunne...@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

Małgorzata Olszówka

Jun 14, 2016, 12:34:01 PM
I always can see one stunnel on one port.
You can kill -9 this old process of stunnel and run it again.


On 14.06.2016 at 17:49, Randall LeJeune wrote:
> They are located in /opt/freeware/etc/stunnel. I have the following files there:
>
> privkey-2014-hb_fix.pem
> privkey.pem
> sscert.pem
> stunnel.conf
>
> Looks like I was missing my key file. I fixed that. I now get it to run but I am seeing just a single thread:
>
> root 13238338 0.0 0.0 224 236 pts/6 A 10:48:14 0:00 grep stunnel
> root 9896190 0.0 0.0 1096 1120 - A May 10 0:00 stunnel
>
> When I ran stunnel at my house, I got a series of threads running. Does this look correct to you?
>
> Thanks,
> Randy

Małgorzata Olszówka

Jun 15, 2016, 3:58:18 AM
On 14.06.2016 at 18:55, Randall LeJeune wrote:
> OK, thanks. Do you know of any way that I can tell if it is actually working? Like sending some data to the port and checking to see if stunnel received it?
>
> Thanks in advance,
> Randy

Hello Randy,

Please reply to the list, so others are able to comment too.
You can see the connection in the log file stunnel.log
and the detailed data transfer in any sniffer.

Regards.

jeanbapti...@gmail.com

Jul 11, 2019, 5:55:21 AM
> Hello. I am getting the following error when I try to run freeradius -X :

tls: Failed reading certificate file "/etc/freeradius/3.0/certs/ser...@gmail.com-cert.pem"
tls: error:0200100D:system library:fopen:Permission denied
tls: error:20074002:BIO routines:file_ctrl:system lib
tls: error:140DC002:SSL routines:use_certificate_chain_file:system lib
rlm_eap_tls: Failed initializing SSL context
rlm_eap (EAP): Failed to initialise rlm_eap_tls
/etc/freeradius/3.0/mods-enabled/eap[14]: Instantiation failed for module "eap"

Please help me
> Thanks in advance.
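
Both failures reported in this thread are fopen errors on a configured certificate path: a missing file in the first post and a permission problem in the last. The following preflight check for stunnel.conf is an added example, not code from the thread or from the stunnel project; the function name check_stunnel_conf and its status words are made up here, while cert, key, CAfile and CRLfile are stunnel's own option names. It also flags a private key that has group or other permission bits set.

```shell
#!/bin/sh
# Added example, not from the thread: preflight check for stunnel.conf file options.
# Prints one status line per cert/key/CAfile/CRLfile option and returns non-zero
# if any referenced file is missing or unreadable by the current user.
check_stunnel_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "DENIED conf $conf"; return 2; }
    # Comment lines (starting with ';' or '#') never match the awk pattern below.
    report=$(
        awk '/^[ \t]*(cert|key|CAfile|CRLfile)[ \t]*=/ {
                opt = $0;  sub(/[ \t]*=.*/, "", opt);      sub(/^[ \t]+/, "", opt)
                path = $0; sub(/^[^=]*=[ \t]*/, "", path); sub(/[ \t\r]+$/, "", path)
                print opt, path
             }' "$conf" |
        while read -r opt path; do
            if [ ! -e "$path" ]; then
                echo "MISSING $opt $path"     # fopen: No such file or directory
            elif [ ! -r "$path" ]; then
                echo "DENIED $opt $path"      # fopen: Permission denied
            elif [ "$opt" = key ] && [ "$(ls -ldL "$path" | cut -c5-10)" != "------" ]; then
                echo "WARN $opt $path (group/other permission bits set)"
            else
                echo "OK $opt $path"
            fi
        done
    )
    printf '%s\n' "$report"
    # Exit status 1 when any line reports a missing or unreadable file.
    ! printf '%s\n' "$report" | grep -Eq '^(MISSING|DENIED) '
}

# Check the config file named on the command line, if one was given.
if [ $# -gt 0 ]; then
    check_stunnel_conf "$1"
fi
```

Run it as the account the daemon starts under, because readability depends on the user doing the check.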
