Thanks, and yes. A co-worker was having a look at the stunnel code while I was pursuing this. He found the message in their "verify.c" as well as a bug report against v4.32. They were checking for the cert's Subject to precisely match, throwing this error on a mismatch. It was patched in v4.44. I pulled down the latest source (5.03) and compiled with the same openssl. I changed the install path and had both "broken" and "new" versions on the same server. I fired off a "new" instance and the good news is that v5.03 with 1.0.1e doesn't throw the error.
The strange thing is it manifested with the same stunnel version (4.32) only after openssl was updated from 0.9.8x to 1.0.1e and rebooted (albeit months later).

Once again, thanks everyone for your input. The fresh perspective got me looking in the proper direction.

On Wed, Aug 20, 2014 at 1:14 PM, Dr. Stephen Henson <st...@openssl.org> wrote:

> On Tue, Aug 19, 2014, Eckert, Doug wrote:
>
> > Greetings.
> >
> > After a recent reboot, a previously working cert is now being rejected with
> > "NO X509_NAME". I can't set the log level higher on the AIX side to get
> > more detail. What are the most likely causes of the "NO X509_NAME" error?
> >
> > from aa.bb.cc.dd:eeeee
> > 2014.08.17 12:14:41 LOG4[3670382:258]: VERIFY ERROR: depth=0, error=ok: NO X509_NAME
>
> Just an additional comment. "NO X509_NAME" is not an OpenSSL error. In fact
> that doesn't look like an error at all: the "error=ok" could be from the
> notification passed to the callback that verification was successful.
>
> In that case "No X509_NAME" would appear because no certificate is specified:
> because there isn't a certificate associated with that state.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org

--
*Doug Eckert*
*Technical Architect*
*Global Business Technology*
*Dow Jones* | *A News Corporation Company*
P.O. Box 300 | Princeton NJ 08543-0300
(W) 609.520.4993
(C) 732.666.3681
*Email: **doug.eck...@dowjones.com* <al...@dowjones.com>