Hello. I am getting the following error when I try to run stunnel:
[root@doadmzqas stunnel]# stunnel
[ ] Clients allowed=31999
[.] stunnel 5.17 on powerpc-ibm-aix5.2.0.0 platform
[.] Compiled/running with OpenSSL 1.0.1s 1 Mar 2016
[.] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
[ ] errno: (*_Errno())
[.] Reading configuration from file /opt/freeware/etc/stunnel/stunnel.conf
[.] UTF-8 byte order mark not detected
[.] FIPS mode disabled
[ ] Compression disabled
[ ] Snagged 64 random bytes from /home/root/.rnd
[ ] Wrote 1024 new random bytes to /home/root/.rnd
[ ] PRNG seeded successfully
[ ] Initializing service [sapdp3202]
[ ] Loading certificate from file: /opt/freeware/etc/stunnel/stunnel.pem
[!] error queue: 140DC002: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
[!] error queue: 20074002: error:20074002:BIO routines:FILE_CTRL:system lib
[!] SSL_CTX_use_certificate_chain_file: 2001002: error:02001002:system library:fopen:No such file or directory
[!] Service [sapdp3202]: Failed to initialize SSL context
The version is 5.17 as you can see above. My config file looks like this:
; Log file (enable for troubleshooting)
output = /var/log/stunnel.log
; SSL Certificate and key files
cert = /opt/freeware/etc/stunnel/stunnel.pem
key = /opt/freeware/etc/stunnel/stunnel.key
; Restrict to FIPS compliant ciphers only
ciphers = FIPS
; Force the SSL version to TLSv1 only
sslVersion = TLSv1
; The cipher list and SSL version restrictions above should make us
; _de_facto_ FIPS compliant; our OpenSSL library is *not* FIPS
; compliant, so this cannot be set to 'yes'
fips = no
[sapdp3202]
client = yes
accept = 127.0.0.1:3202
connect = doaprdssl.dot.com.gov:4709
The OS is AIX version 7. Does anybody have any idea what this means?
Thanks in advance.
Regards.
On 14.06.2016 at 17:49, Randall LeJeune wrote:
> They are located in /opt/freeware/etc/stunnel. I have the following files there:
>
> privkey-2014-hb_fix.pem
> privkey.pem
> sscert.pem
> stunnel.conf
>
> Looks like I was missing my key file. I fixed that. I now get it to run but I am seeing just a single thread:
>
> root 13238338 0.0 0.0 224 236 pts/6 A 10:48:14 0:00 grep stunnel
> root 9896190 0.0 0.0 1096 1120 - A May 10 0:00 stunnel
>
> When I ran stunnel at my house, I got a series of threads running. Does this look correct to you?
>
> Thanks,
> Randy
Hello Randy,
Please reply to the list, so others are able to comment too.
You can see the connection in the log file stunnel.log
and detailed data transfer in any sniffer.
Regards.
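
Added example (not part of the original thread, and not a tool shipped with stunnel): a pre-flight check for the "fopen: No such file or directory" failure in the first message, listing every cert, key, CAfile or CRLfile path in a stunnel.conf that cannot be opened. The function names, the demo and its temporary paths are constructed for illustration.

```shell
#!/bin/sh
# check_stunnel_paths CONF
# Prints one "MISSING" line per file-valued option whose path is unreadable.
# Returns 0 if all are readable, 1 if any is missing, 2 if CONF is unreadable.
check_stunnel_paths() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read config: $conf" >&2; return 2; }
    # awk tracks the current [service] and emits "section|option|path".
    # Lines commented out with ';' do not match and are skipped.
    entries=$(awk '
        /^[ \t]*\[.*\]/ { gsub(/^[ \t]*\[|\].*$/, ""); section = $0; next }
        /^[ \t]*(cert|key|CAfile|CRLfile)[ \t]*=/ {
            opt = $0; sub(/[ \t]*=.*/, "", opt); sub(/^[ \t]*/, "", opt)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]*$/, "", val)
            print (section == "" ? "global" : section) "|" opt "|" val
        }' "$conf")
    status=0
    while IFS='|' read -r section opt path; do
        [ -n "$path" ] || continue
        if [ ! -r "$path" ]; then
            echo "MISSING [$section] $opt = $path"
            status=1
        fi
    done <<EOF
$entries
EOF
    return $status
}

# Constructed demo: a config shaped like the one in the post, where the key
# file exists but the certificate file does not.
demo() {
    d=$(mktemp -d) || return 2
    : > "$d/stunnel.key"
    printf '%s\n' "; cert = $d/ignored.pem" "cert = $d/stunnel.pem" \
        "key = $d/stunnel.key" "[sapdp3202]" "client = yes" > "$d/stunnel.conf"
    check_stunnel_paths "$d/stunnel.conf"; rc=$?
    rm -rf "$d"
    return $rc
}

demo || echo "-> unreadable files found (status $?)"
```

Run it as the same user that starts stunnel, since readability is checked with that user's permissions.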