windows-7 – stunnel版本4.53表示SSL服务器需要Windows 7上的证书

前端之家收集整理的这篇文章主要介绍了windows-7 – stunnel版本4.53表示SSL服务器需要Windows 7上的证书前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我一直在使用stunnel以前的版本.它在SSL服务器模式下显然没有证书的功能.这对我们没有必要,因为我们只是运行一个localhost服务器来隧道到远程服务器.

无论如何,我已经阅读了FAQ教程和与此相关的内容,并尝试了一切.无论我如何处理证书或密钥设置,它仍然会给出同样的错误,这是完整的输出….

No limit detected for the number of clients
stunnel 4.53 on x86-pc-mingw32-gnu platform
Compiled/running with OpenSSL 0.9.8s-fips 4 Jan 2012
Threading:WIN32 SSL:+ENGINE+OCSP+FIPS Auth:none Sockets:SELECT+IPv6
Reading configuration from file stunnel.conf
FIPS mode is enabled
Compression not enabled
Snagged 64 random bytes from C:/.rnd
Wrote 0 new random bytes to C:/.rnd
PRNG seeded successfully
Initializing service section [FIX]
Section FIX: SSL server needs a certificate

Server is down

这是stunnel.conf文件内容

; Certificate/key is needed in server mode and optional in client mode
cert = stunnel.pem
;key = stunnel.pem

; Disable support for insecure SSLv2 protocol
options = NO_SSLv2

[FIX]
accept  = 127.0.0.1:5679
connect = 216.52.236.112:5680
TIMEOUTconnect = 5

[FIXLIVE]
accept  = 127.0.0.1:5680
connect = 216.52.236.185:51581
TIMEOUTconnect = 5

请注意,stunnel安装了stunnel.pem文件.我试着取消注释密钥的配置行.还使用openssh按指令重新生成密钥.

我尝试使用绝对路径到cert文件.

没有任何区别.这是stunnel的缺陷吗?或者我做错了什么?

为每个服务添加client = yes以修复该错误消息.

您还需要设置选项以设置正确的SSL安全性;见下文.

# Enable proper SSL security.  Without this,you are completely insecure!
verify = 2
CAfile = /etc/ssl/certs/ca-certificates.crt
options = NO_SSLv2

[FIX]
client = yes
accept  = 127.0.0.1:5679
connect = 216.52.236.112:5680
TIMEOUTconnect = 5

[FIXLIVE]
client = yes
accept  = 127.0.0.1:5680
connect = 216.52.236.185:51581
TIMEOUTconnect = 5

猜你在找的Windows相关文章