Hi,

Since stunnel 5.62 it does not take the passphrase for a client key anymore; instead it gives a 'bad decrypt' log at once.

It is the same behaviour on the Debian/sid distro as well as on Windows 10.

Up to stunnel 5.61 the same stunnel.conf is accepted and the key gets loaded.

Here is the top of our stunnel.conf:

cert = /home/regula/cert.pem
key = /home/regula/cert.key

client = yes

[-- snip --]

Calling stunnel from bash:

$ stunnel stunnel.conf
[-- snip --]
[ ] Loading certificate from file: /home/regula/cert.pem
[ ] Certificate loaded from file: /home/regula/cert.pem
[ ] Loading private key from file: /home/regula/cert.key
[!] error queue: ../ssl/ssl_rsa.c:384: error:0A080009:SSL routines::PEM lib
[!] error queue: ../crypto/pkcs12/p12_decr.c:86: error:11800074:PKCS12 routines::pkcs12 cipherfinal error
[!] error queue: ../providers/implementations/ciphers/ciphercommon_block.c:124: error:1C800064:Provider routines::bad decrypt
[!] error queue: ../crypto/pkcs12/p12_decr.c:86: error:11800074:PKCS12 routines::pkcs12 cipherfinal error
[!] SSL_CTX_use_PrivateKey_file: ../providers/implementations/ciphers/ciphercommon_block.c:124: error:1C800064:Provider routines::bad decrypt
[!] Service [guacamole]: Failed to initialize TLS context
[!] Configuration failed
[-- snip --]

$ ls -lh  *pem *key
-r-------- 1 regula regula 3,4K 22. Jun 16:52 cert.key
-r-------- 1 regula regula 2,2K 22. Jun 16:45 cert.pem

openssl does show the enter passphrase dialog and displays the private key:

$ openssl rsa -in cert.key
Enter pass phrase for cert.key:
writing RSA key
-----BEGIN PRIVATE KEY-----
[-- snip --]
-----END PRIVATE KEY-----

~$ dpkg -l|grep openssl
ii openssl 3.0.4-2 amd64 Secure Sockets Layer toolkit - cryptographic utility
~$ dpkg -l|grep stunnel
ii  stunnel4  3:5.63-1+b1 amd64 Universal SSL tunnel for network daemons

Why is there different behaviour between openssl and stunnel > 5.61 when loading a private key file?


Regards,
Johann

--
https://www.hoermann-solutions.com
_______________________________________________
stunnel-users mailing list -- stunnel-users@stunnel.org
To unsubscribe send an email to stunnel-users-le...@stunnel.org
