You might also wish to verify that the openssl binary you're using for
c_rehash is version 1.0.1e.

-Kyle H

On 8/20/2014 7:16 AM, Eckert, Doug wrote:
> The "Verify return code: 19" was because I specified the wrong CApath
> on the s_client.
>
> s_server/s_client works perfect.  I also tried s_server with the
> stunnel client, and the cert is accepted no problem.  I think this
> lies solely with the stunnel server process.
>
> Thanks so much for the extra set of eyes.  I'll recompile stunnel and
> bug those guys if the issue persists  ;-)
>
> On Wed, Aug 20, 2014 at 9:18 AM, Eckert, Doug
> <doug.eck...@dowjones.com> wrote:
>
>     It's stunnel 4.32 compiled on AIX 6.1 (TL8 SP3) with openssl 1.0.1e.  
>
>     Initially I thought this was in OpenSSL due to the "NO X509_NAME"
>     message in the stunnel log.  It had been working fine for years
>     with the same certs, config files, etc with OpenSSL 0.9.8x and
>     prior.  Now I'm not so sure.
>
>     When I try s_client/s_server I get a "Verify return code: 19 (self
>     signed certificate in certificate chain)" on the client.  The cert
>     in question is our own private root CA.  There's no indication of
>     the "NO X509_NAME" when using s_client/server.
>
>     On Tue, Aug 19, 2014 at 9:17 PM, Salz, Rich <rs...@akamai.com> wrote:
>
>         I’m a bit stumped.  Is this openssl s_client/s_server, or
>         stunnel that’s failing?  And are you sure it is using the
>         certs that you think it is?  Have you run, for example,
>         s_client with -debug and -msg flags?
>
>         -- 
>         Principal Security Engineer
>         Akamai Technologies, Cambridge MA
>         IM: rs...@jabber.me Twitter: RichSalz
>
>     -- 
>     *Doug Eckert*
>     *Technical Architect*
>
>     *Global Business Technology*
>     *Dow Jones* | /A News Corporation Company/
>     P.O. Box 300 | Princeton NJ 08543-0300
>     (W) 609.520.4993 (C) 732.666.3681
>     *Email: doug.eck...@dowjones.com*
>

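As an added example (not part of the original thread): OpenSSL 1.0.0 changed the subject-name hash used to name CApath lookup links, so a directory hashed by an older c_rehash is not found by 1.0.1e lookups, which is what checking the c_rehash binary's version guards against. The sketch below flags such stale links; the function names `capath_check` and `has_link` and the `.pem`/`.crt`/`.cer` extensions are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): audit a hashed CApath directory.
# capath_check and has_link are hypothetical helper names.

# True if some "$dir/$hash.N" entry is the certificate with fingerprint $fp.
has_link() {    # args: dir hash fp
    for link in "$1/$2".[0-9]*; do
        [ -e "$link" ] || continue
        [ "$(openssl x509 -noout -fingerprint -sha256 -in "$link" 2>/dev/null)" = "$3" ] &&
            return 0
    done
    return 1
}

# Print "<status> <file>" for each certificate file in the directory:
#   ok      a link named with this openssl's subject hash exists
#   stale   only a link named with the pre-1.0.0 hash exists
#   missing no hash link points at this certificate
# Returns non-zero if anything is not "ok".
capath_check() {
    dir=$1
    rc=0
    for cert in "$dir"/*.pem "$dir"/*.crt "$dir"/*.cer; do
        [ -f "$cert" ] || continue
        new=$(openssl x509 -noout -subject_hash -in "$cert" 2>/dev/null) || continue
        old=$(openssl x509 -noout -subject_hash_old -in "$cert" 2>/dev/null) || old=
        fp=$(openssl x509 -noout -fingerprint -sha256 -in "$cert")
        if has_link "$dir" "$new" "$fp"; then
            status=ok
        elif [ -n "$old" ] && has_link "$dir" "$old" "$fp"; then
            status=stale rc=1
        else
            status=missing rc=1
        fi
        echo "$status $(basename "$cert")"
    done
    return $rc
}

# Run against a directory when one is given on the command line.
if [ $# -gt 0 ]; then
    openssl version
    capath_check "$1"
fi
```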