Hello William, >Two things are important when generating certificate-key pair for stunnel. The private key cannot be >encrypted, because the server has no way to obtain password from the user. To produce an >unencrypted key add -nodes option when running req command from SSLeay kit.
I don`t get it, why this should not be possible - apache can do that - why shouldn`t stunnel ? It just needs to be implemented. Shure - this will not work in inetd mode - but perhaps as time will go by.......s.o. will program that !? IMHO "inetd mode" could be replaced by a special wrapper, which passes the passphrase every time, a stunnel process will be spawned..!?!? >This is a problem. Can you explain that in more detail ? I see, that this is "not nice" but I`m interested why this is a real problem when running stunnel. regards Roland --- Weitergeleitete Nachricht / Forwarded Message --- Date: Thu, 27 Mar 2003 18:31:38 -0500 (EST) From: "William Hooper" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: Re: SecurityFocus Article on VNC > Floyd Russell said: > > Anyone wanting a good description on how to setup VNC through an SSL > > tunnel may want to see this new article from SecurityFocus. > > > > http://www.securityfocus.com/infocus/1677 > > > > Floyd Russell > > I finally got a chance to read this. Pretty good article. But, > "...private keys secured by pass phrases cannot be used by the Stunnel > utility."? This is a problem. > > -- > William Hooper > _______________________________________________ > VNC-List mailing list > [EMAIL PROTECTED] > http://www.realvnc.com/mailman/listinfo/vnc-list > -- +++ GMX - Mail, Messaging & more http://www.gmx.net +++ Bitte ldcheln! Fotogalerie online mit GMX ohne eigene Homepage! _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] http://www.realvnc.com/mailman/listinfo/vnc-list
