Problem With GMail
I am trying to use stunnel to act as a forwarder to GMail. My config file looks like:client = yes socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 [gmail] accept = 25 connect = smtp.gmail.com:465 ;CAfile = peer-gmail.pem ;verify = 3 I saved the peer certificate and when I attempt to send mail, the log looks like this: 2012.05.08 16:01:35 LOG5[31036:19408]: Service [gmail] connected remote server from 192.168.1.9:42580 2012.05.08 16:01:35 LOG4[31036:19408]: CERT: Verification error: unable to get local issuer certificate 2012.05.08 16:01:35 LOG4[31036:19408]: Certificate check failed: depth=1, /C=US/O=Google Inc/CN=Google Internet Authority 2012.05.08 16:01:35 LOG3[31036:19408]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed 2012.05.08 16:01:35 LOG5[31036:19408]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket 2012.05.08 16:02:35 LOG5[31036:34312]: Service [gmail] accepted connection from 192.168.1.10:49303 2012.05.08 16:02:35 LOG5[31036:34312]: connect_blocking: connected 173.194.79.108:465 2012.05.08 16:02:35 LOG5[31036:34312]: Service [gmail] connected remote server from 192.168.1.9:42619 2012.05.08 16:02:36 LOG4[31036:34312]: CERT: Verification error: unable to get local issuer certificate 2012.05.08 16:02:36 LOG4[31036:34312]: Certificate check failed: depth=1, /C=US/O=Google Inc/CN=Google Internet Authority 2012.05.08 16:02:36 LOG3[31036:34312]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed 2012.05.08 16:02:36 LOG5[31036:34312]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket Please tell me what I'm doing wrong so I can fix it. Van Brown
Try verify = 4 and see if that works for you. From the manual: level 4 Ignore CA chain and only verify peer certificate. Regards, Thomas On 5/8/2012 5:35 PM, Van Brown wrote:
I am trying to use stunnel to act as a forwarder to GMail.
My config file looks like: client = yes
socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1
[gmail] accept = 25 connect = smtp.gmail.com:465 ;CAfile = peer-gmail.pem ;verify = 3
I saved the peer certificate and when I attempt to send mail, the log looks like this:
2012.05.08 16:01:35 LOG5[31036:19408]: Service [gmail] connected remote server from 192.168.1.9:42580 2012.05.08 16:01:35 LOG4[31036:19408]: CERT: Verification error: unable to get local issuer certificate 2012.05.08 16:01:35 LOG4[31036:19408]: Certificate check failed: depth=1, /C=US/O=Google Inc/CN=Google Internet Authority 2012.05.08 16:01:35 LOG3[31036:19408]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed 2012.05.08 16:01:35 LOG5[31036:19408]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket 2012.05.08 16:02:35 LOG5[31036:34312]: Service [gmail] accepted connection from 192.168.1.10:49303 2012.05.08 16:02:35 LOG5[31036:34312]: connect_blocking: connected 173.194.79.108:465 2012.05.08 16:02:35 LOG5[31036:34312]: Service [gmail] connected remote server from 192.168.1.9:42619 2012.05.08 16:02:36 LOG4[31036:34312]: CERT: Verification error: unable to get local issuer certificate 2012.05.08 16:02:36 LOG4[31036:34312]: Certificate check failed: depth=1, /C=US/O=Google Inc/CN=Google Internet Authority 2012.05.08 16:02:36 LOG3[31036:34312]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed 2012.05.08 16:02:36 LOG5[31036:34312]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
Please tell me what I'm doing wrong so I can fix it.
Van Brown
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org http://stunnel.mirt.net/mailman/listinfo/stunnel-users
-- Attention: This message and all attachments are private and may contain information that is confidential and privileged. If you received this message in error, please notify the sender by reply email and delete the message immediately.
participants (2)
-
Thomas Eifert -
Van Brown