On 19.05.2020 at 08:11, Olaf Brandt wrote:
[!] error queue: crypto/x509/by_file.c:205: error:0B084009:x509 certificate
routines:X509_load_cert_crl_file:PEM lib
[!] error queue: crypto/pem/pem_info.c:196: error:0907400D:PEM
routines:PEM_X509_INFO_read_bio:ASN1 lib
[!] error queue: crypto/asn1/tasn_dec.c:290: error:0D07803A:asn1 encoding
routines:asn1_item_embed_d2i:nested asn1 error
[!] error queue: crypto/asn1/tasn_dec.c:1118: error:0D068066:asn1 encoding
routines:asn1_check_tlen:bad object header
[!] SSL_CTX_load_verify_locations: crypto/asn1/asn1_lib.c:91:
error:0D07209B:asn1 encoding routines:ASN1_get_object:too long
[dns_local]
sslVersion = TLSv1.3
client = yes
accept = localhost:1053
connect = 185.95.218.42:853
checkHost = dns.digitale-gesellschaft.ch
verifyPeer = yes
CAfile = /etc/stunnel/cf.crt
Hello Olaf,
Could you check if only the correct certificate is located in the cf.crt
file?
The error logs suggest that there may be a second corrupted certificate
in this file.
I'm attaching my certificate file to compare. It works for me.
$ cat my_cf.crt
-----BEGIN CERTIFICATE-----
MIIFrjCCBJagAwIBAgISAxYZh2KsvuySe251uKMuuuooMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDA1MTcyMTAwMjJaFw0y
MDA4MTUyMTAwMjJaMCcxJTAjBgNVBAMTHGRucy5kaWdpdGFsZS1nZXNlbGxzY2hh
ZnQuY2gwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAAQNCJFsHfkYG
/OAhVpPEajyIyN++kdbYerf8P4zxuXTswTsrAv4nkx7W06GVMe3HBiYodGB+cFM5
S+VDwoHcUPPXnguHWyzoqOtxvHsEktW+ZroO2J8nKHeffGgvL2Qtiob3z8Y6wRvU
6ZXWwPN38815FkCGztXcvrLGW3z+42iNJWFBqJmz9GJgGb+WMkbv5GrCPQD2RLlj
lFAO+6DhiOt5z7el0SkM1r/urRubjnyUT/haDqdeYudnYZ6Dy6D3Vva87N9NYGr+
CPocrhcFVA+w+B9seMqgmexLBrN5l4jRfsiTzxVrnerS74jaG+gr3Q1u8n7zdWAD
aodkeeYfAgMBAAGjggKvMIICqzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJzjDvTx
YGDsIX3Y1l8Oe/+Q22gBMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyh
MG8GCCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgz
LmxldHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgz
LmxldHNlbmNyeXB0Lm9yZy8wZQYDVR0RBF4wXIIcZG5zLmRpZ2l0YWxlLWdlc2Vs
bHNjaGFmdC5jaIIdZG5zMS5kaWdpdGFsZS1nZXNlbGxzY2hhZnQuY2iCHWRuczIu
ZGlnaXRhbGUtZ2VzZWxsc2NoYWZ0LmNoMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcG
CysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5
cHQub3JnMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYAB7dcG+V9aP/xsMYdIxXH
uuZXfFeUt2ruvGE6GmnTohwAAAFyJKb6LgAABAMARzBFAiA9f1pX485CoCoW/Vmu
ehEZrr6+qlpKsB5mjtYhqDX4ywIhANsGY1QmA3YozQW/CIsblSvSobOsY2rdhOeE
OnCmVDErAHYAb1N2rDHwMRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RMAAAFyJKb6
jAAABAMARzBFAiEA6rwttrFxC851pxWG0sAFSQg4zLnv2h8jUxpfvTEZpQoCICEv
lAhh0KjKP3HTVE3jVlCRUaYBFneerjEuQ+FowM7yMA0GCSqGSIb3DQEBCwUAA4IB
AQCbuCT4MPx3XWeRQMe/WM9kZ3+HM44EGZOYuzXLTrN4wARcSPR0OPJXAjg7hBmq
mzkIHfli9Mev5BdAApl6xST87rHVlbCiWPDbRA9QPJKB6I+BTeHr5IZd0Mgx0jAH
f1ZIZb2gATgZgeSAOCEfrhOWVM2fscuyRwDwi9QNYSmZy3Hu9lOrJ0Uzewz05IVY
p45YjogEDegDGEHmj7XBwZ3aVwqF1xkFT/mPjLVgP2fw2P0QmK3eJYh7Zw+94Xwh
+zWMsiZ43rFUpOmf4EjWGg5gpvYhjLPfIaEMFtSrkzpdlCI0QFt+7+r4oRXWjWmq
QP6ub3ndSUkaiA8VYRkA+EFs
-----END CERTIFICATE-----
Regards,
Małgorzata Olszówka
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
