Hi,
Since stunnel 5.62 it does not take the passphrase for a client key
anymore; instead it gives a 'bad decrypt' log at once.
It is the same behaviour on Debian/sid as well as on Windows 10.
Up to stunnel 5.61 the same stunnel.conf is accepted and the key gets
loaded.
Here is the top of our stunnel.conf:
cert = /home/regula/cert.pem
key = /home/regula/cert.key
client = yes
[-- snip --]
Calling stunnel from bash:
$ stunnel stunnel.conf
[-- snip --]
[ ] Loading certificate from file: /home/regula/cert.pem
[ ] Certificate loaded from file: /home/regula/cert.pem
[ ] Loading private key from file: /home/regula/cert.key
[!] error queue: ../ssl/ssl_rsa.c:384: error:0A080009:SSL routines::PEM lib
[!] error queue: ../crypto/pkcs12/p12_decr.c:86: error:11800074:PKCS12 routines::pkcs12 cipherfinal error
[!] error queue: ../providers/implementations/ciphers/ciphercommon_block.c:124: error:1C800064:Provider routines::bad decrypt
[!] error queue: ../crypto/pkcs12/p12_decr.c:86: error:11800074:PKCS12 routines::pkcs12 cipherfinal error
[!] SSL_CTX_use_PrivateKey_file: ../providers/implementations/ciphers/ciphercommon_block.c:124: error:1C800064:Provider routines::bad decrypt
[!] Service [guacamole]: Failed to initialize TLS context
[!] Configuration failed
[-- snip --]
$ ls -lh *pem *key
-r-------- 1 regula regula 3,4K 22. Jun 16:52 cert.key
-r-------- 1 regula regula 2,2K 22. Jun 16:45 cert.pem
openssl does show the enter passphrase dialog and displays the private key:
$ openssl rsa -in cert.key
Enter pass phrase for cert.key:
writing RSA key
-----BEGIN PRIVATE KEY-----
[-- snip --]
-----END PRIVATE KEY-----
~$ dpkg -l|grep openssl
ii openssl 3.0.4-2 amd64 Secure Sockets Layer toolkit - cryptographic utility
~$ dpkg -l|grep stunnel
ii stunnel4 3:5.63-1+b1 amd64 Universal SSL tunnel for network daemons
Why is there a different behaviour between openssl and stunnel > 5.61 in
loading a private key file?
Regards,
Johann
--
https://www.hoermann-solutions.com
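
An added diagnostic, not part of the original message and not stunnel or OpenSSL code: without decrypting anything, it reports which PEM container and password-based encryption scheme a key file such as cert.key uses, which helps when two loaders treat the same file differently. The sample inputs are constructed, and `describe_key`, `read_tlv`, `decode_oid` and the `PBE_OIDS` table are names chosen for this example.

```python
import base64
import re

# PBE scheme OIDs that can appear in a PKCS#8 EncryptedPrivateKeyInfo
PBE_OIDS = {"1.2.840.113549.1.5.13": "PBES2",
            "1.2.840.113549.1.12.1.3": "pbeWithSHAAnd3-KeyTripleDES-CBC",
            "1.2.840.113549.1.12.1.6": "pbeWithSHAAnd40BitRC2-CBC"}
PEM_RE = re.compile(r"-----BEGIN ((?:[A-Z]+ )?PRIVATE KEY)-----\r?\n(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Read one DER TLV header; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def decode_oid(raw):
    """Decode DER OID content bytes to dotted notation."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends the arc
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def describe_key(pem_text):
    """Describe the first private-key PEM block without decrypting it."""
    m = PEM_RE.search(pem_text)
    if not m:
        return "no private key PEM block found"
    label, body = m.groups()
    if "Proc-Type: 4,ENCRYPTED" in body:  # traditional format names its cipher
        dek = re.search(r"DEK-Info: ([^,\s]+)", body)
        return f"traditional {label}, encrypted ({dek.group(1) if dek else 'unknown'})"
    if label != "ENCRYPTED PRIVATE KEY":
        return f"{label}, not encrypted"
    der = base64.b64decode("".join(body.split()))
    _, pos, _ = read_tlv(der, 0)        # EncryptedPrivateKeyInfo SEQUENCE
    _, pos, _ = read_tlv(der, pos)      # encryptionAlgorithm SEQUENCE
    _, start, end = read_tlv(der, pos)  # algorithm OID
    oid = decode_oid(der[start:end])
    return f"PKCS#8 encrypted, {PBE_OIDS.get(oid, oid)}"

# Constructed samples, not real keys: only the outer structure is meaningful.
_DER = bytes.fromhex("3015300d06092a864886f70d01050d3000040400000000")
SAMPLE_PKCS8 = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + base64.b64encode(_DER).decode()
                + "\n-----END ENCRYPTED PRIVATE KEY-----\n")
SAMPLE_LEGACY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: "
                 "AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")
```

On a real file, call `describe_key(open("cert.key").read())`; an OID missing from the table is returned in dotted form.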