stunnel config



Post by kteague »

I can't seem to get a 3rd party news client to work with stunnel. The client in question doesn't support SSL in the application, so I'm forced to use stunnel (v5.40) to keep my stream encrypted. Here's my stunnel config:

[newsleecher-nntp]
client = yes
accept = 127.0.0.1:119
connect = us.newsleecher.com:563
verifyChain = yes
CAfile = ca-certs.pem
checkHost = us.newsleecher.com
OCSPaia = yes

In turn, I configure my 3rd party client to use 127.0.0.1 on port 119 for my news server. Here's what my stunnel log shows:

2017.01.29 07:34:38 LOG5[237]: s_connect: connected 69.16.179.22:563
2017.01.29 07:34:38 LOG5[237]: Service [newsleecher-nntp] connected remote server from 10.1.1.159:54751
2017.01.29 07:34:38 LOG5[237]: OCSP: Connecting the AIA responder "http://ocsp.godaddy.com/"
2017.01.29 07:34:38 LOG5[237]: s_connect: connected 50.63.243.230:80
2017.01.29 07:34:38 LOG5[237]: OCSP: Certificate accepted
2017.01.29 07:34:38 LOG5[237]: OCSP: Connecting the AIA responder "http://ocsp.godaddy.com/"
2017.01.29 07:34:38 LOG5[237]: s_connect: connected 50.63.243.230:80
2017.01.29 07:34:38 LOG5[237]: OCSP: Certificate accepted
2017.01.29 07:34:38 LOG4[237]: CERT: No matching host name found
2017.01.29 07:34:38 LOG4[237]: Rejected by CERT at depth=0: OU=Domain Control Validated, CN=*.sslusenet.com
2017.01.29 07:34:38 LOG3[237]: SSL_connect: 14090086: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2017.01.29 07:34:38 LOG5[237]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
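
An added diagnostic example, not part of the original post and not stunnel's own code: it pulls the rejected server certificate's CN out of the log lines above and applies a simplified left-most-label wildcard match against the posted checkHost value, which shows why stunnel logs "No matching host name found". Assumptions: only the CN is visible in the log, so subjectAltName entries are not considered, and the function names are illustrative.

```python
import re

# Log lines copied from the post above (timestamps trimmed).
LOG = """\
LOG5[237]: OCSP: Certificate accepted
LOG4[237]: CERT: No matching host name found
LOG4[237]: Rejected by CERT at depth=0: OU=Domain Control Validated, CN=*.sslusenet.com
LOG3[237]: SSL_connect: 14090086: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
"""
CHECK_HOST = "us.newsleecher.com"  # checkHost value from the posted config


def rejected_leaf_cn(log):
    """Return the CN of the depth=0 (server) certificate stunnel rejected, or None."""
    m = re.search(r"Rejected by CERT at depth=0:.*?\bCN=([^,\s]+)", log)
    return m.group(1) if m else None


def host_matches(pattern, host):
    """Simplified wildcard match: '*' only as the whole left-most label, one label wide."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Refuse over-broad patterns such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def diagnose(log, check_host):
    """Explain a checkHost failure from the log, using only the CN it shows."""
    cn = rejected_leaf_cn(log)
    if cn is None:
        return "no leaf-certificate rejection in log"
    if host_matches(cn, check_host):
        return f"{cn} covers {check_host}; look at the certificate's other names"
    return f"server presented {cn}, which does not cover checkHost {check_host}"


if __name__ == "__main__":
    print(diagnose(LOG, CHECK_HOST))
```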
