CSP version: (Type:71) v3.6.5359 KC1 Release Ver:3.6.6497 OS:Linux CPU:IA32 FastCode:READY,ENABLED.
stunnel version: 4.18 on i686-pc-linux-gnu
stunnel config:
setuid = root
setgid = root
pid = /var/opt/cprocsp/tmp/stunnel.pid
cert=/etc/stunnel/0.cer
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
output = /var/opt/cprocsp/tmp/stunnel.log
client=yes
[stunn]
accept = 1443
connect = HOSTNAME:443
TIMEOUTclose = 0
mutual_auth=no
It starts normally; when I try to open localhost:1443, I get this error in the log:
2012.10.03 07:32:25 LOG7[14034:0]: TCP_NODELAY option set on remote socket
2012.10.03 07:32:25 LOG7[14034:0]: start SSPI connect
2012.10.03 07:32:25 LOG7[14034:0]: open file /etc/stunnel/0.cer with certificate
2012.10.03 07:32:25 LOG3[14034:0]: Error 0x80092004 returned by CertFindCertificateInStore
2012.10.03 07:32:25 LOG3[14034:0]: Error creating credentials
2012.10.03 07:32:25 LOG5[14034:0]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2012.10.03 07:32:25 LOG7[14034:0]: free Buffers
2012.10.03 07:32:25 LOG7[14034:0]: delete c->hClientCreds
2012.10.03 07:32:25 LOG5[14034:0]: incomp_mess = 0, extra_data = 0
2012.10.03 07:32:25 LOG7[14034:0]: removing pid file /var/opt/cprocsp/tmp/stunnel.pid
2012.10.03 07:32:25 LOG7[12131:0]: Cleaning up the signal pipe
2012.10.03 07:32:25 LOG7[12131:0]: Process 14034 finished with code 0 (0 left)
The certificates installed in CryptoPro are from
http://cpca.cryptopro.ru/cacer.p7b (in DER)
After installing the certificate 0.cer, I get a different error in the log:
2012.10.03 07:53:40 LOG7[24057:0]: client start
2012.10.03 07:53:40 LOG7[24057:0]: stunn started
2012.10.03 07:53:40 LOG7[24057:0]: FD 11 in non-blocking mode
2012.10.03 07:53:40 LOG7[24057:0]: TCP_NODELAY option set on local socket
2012.10.03 07:53:40 LOG7[24057:0]: FD 9 in non-blocking mode
2012.10.03 07:53:40 LOG7[24057:0]: FD 12 in non-blocking mode
2012.10.03 07:53:40 LOG7[24057:0]: Connection from ***.***.***.***:43476 permitted by libwrap
2012.10.03 07:53:40 LOG5[24057:0]: stunn connected from ***.***.***.***:43476
2012.10.03 07:53:40 LOG7[24057:0]: FD 14 in non-blocking mode
2012.10.03 07:53:40 LOG7[24057:0]: stunn connecting
2012.10.03 07:53:40 LOG7[24057:0]: connect_wait: waiting 10 seconds
2012.10.03 07:53:40 LOG7[24057:0]: connect_wait: connected
2012.10.03 07:53:40 LOG7[24057:0]: Remote FD=14 initialized
2012.10.03 07:53:40 LOG7[24057:0]: TCP_NODELAY option set on remote socket
2012.10.03 07:53:40 LOG7[24057:0]: start SSPI connect
2012.10.03 07:53:40 LOG7[24057:0]: open file /etc/stunnel/0.cer with certificate
2012.10.03 07:53:40 LOG3[24057:0]: **** Error 0x80090304 returned by AcquireCredentialsHandle
2012.10.03 07:53:40 LOG3[24057:0]: Credentials compleet
2012.10.03 07:53:40 LOG3[24057:0]: Error creating credentials
2012.10.03 07:53:40 LOG5[24057:0]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2012.10.03 07:53:40 LOG7[24057:0]: free Buffers
On a neighboring machine running Ubuntu everything is configured the same way, and it works. I set it up by analogy with the implementation for IE on Windows (without a tunnel).