Working cert rejection after reboot

Tue, 19 Aug 2014 10:09:30 -0700 

Greetings.

After a recent reboot, a previously working cert is now being rejected with
"NO X509_NAME".  I can't set the log level higher on the AIX side to get
more detail.  What are the most likely causes of the "NO X509_NAME" error?


2014.08.17 12:11:58 LOG5[13762740:1]: Reading configuration from file
/opt/freeware/etc/stunnel/stunnel.conf
2014.08.17 12:11:58 LOG5[13762740:1]: Peer certificate location
/usr/share/ssl/certs
2014.08.17 12:11:58 LOG5[13762740:1]: Configuration successful
2014.08.17 12:11:58 LOG5[13762740:1]: No limit detected for the number of
clients
2014.08.17 12:11:58 LOG5[3670382:1]: stunnel 4.32 on rs6000-ibm-aix with
OpenSSL 1.0.1e 11 Feb 2013
2014.08.17 12:11:58 LOG5[3670382:1]: Threading:PTHREAD SSL:ENGINE
Sockets:POLL,IPv6
2014.08.17 12:14:41 LOG5[3670382:258]: Service XXXX accepted connection
from aa.bb.cc.dd:eeeee
2014.08.17 12:14:41 LOG4[3670382:258]: VERIFY ERROR: depth=0, error=ok: NO
X509_NAME
2014.08.17 12:14:41 LOG3[3670382:258]: SSL_accept: Peer suddenly
disconnected
2014.08.17 12:14:41 LOG5[3670382:258]: Connection reset: 0 bytes sent to
SSL, 0 bytes sent to socket


​Here's the client view of a similar session

Aug 18 11:00:07 skpkpsfseas02 stunnel: LOG5[4591:47551480864976]: stunnel
4.15 on x86_64-redhat-linux-gnu with OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

....stunnel start-up stuff....

Aug 18 11:00:56 skpkpsfseas02 stunnel: LOG5[4592:47551433853248]: test
connected from 127.0.0.1:48698
Aug 18 11:00:56 skpkpsfseas02 stunnel: LOG7[4592:47551433853248]: FD 8 in
non-blocking mode
Aug 18 11:00:56 skpkpsfseas02 stunnel: LOG7[4592:47551433853248]: test
connecting aa.bb.cc.dd:eeeee
Aug 18 11:00:56 skpkpsfseas02 stunnel: LOG7[4592:47551433853248]:
connect_wait: waiting 10 seconds
Aug 18 11:00:56 skpkpsfseas02 stunnel: LOG7[4592:47551480864976]: Cleaning
up the signal pipe
Aug 18 11:00:56 skpkpsfseas02 stunnel: LOG6[4592:47551480864976]: Child
process 6581 finished with code 0
Aug 18 11:01:06 skpkpsfseas02 stunnel: LOG6[4592:47551433853248]:
connect_wait: s_poll_wait timeout
Aug 18 11:01:06 skpkpsfseas02 stunnel: LOG5[4592:47551433853248]:
Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
Aug 18 11:01:06 skpkpsfseas02 stunnel: LOG7[4592:47551433853248]: test
finished (0 left)
​

The certificate is the same, it's not expired, just need someplace to look
next.

Thanks!

--Doug

Reply via email to