From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev-return-3854-arch-gentoo-dev=gentoo.org@gentoo.org>
Received: (qmail 767 invoked by uid 1002); 20 Jun 2003 03:52:47 -0000
Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:gentoo-dev@gentoo.org>
List-Help: <mailto:gentoo-dev-help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev-unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-dev-subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@gentoo.org
Received: (qmail 19683 invoked from network); 20 Jun 2003 03:52:47 -0000
Date: Fri, 20 Jun 2003 15:52:43 +1200
From: Zach Bagnall <yem@y3m.net>
To: gentoo-dev@gentoo.org
Message-Id: <20030620155243.03a3a324.yem@y3m.net>
X-Mailer: Sylpheed version 0.8.9 (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: [gentoo-dev] stunnel blinding patch breaks client usage
X-Archives-Salt: 8ef73926-dbcb-47c0-af12-d00c6dbb1745
X-Archives-Hash: 909b88ff788efca9d872adf4235de58c

Hi all.

The blinding patch on stunnel tries to get the private key in order to
determine whether it is an RSA key and therefore RSA blinding is required.

The problem is that when stunnel is run in client mode, the key/cert is
optional. Stunnel dies because it can't access the key.

The workaround is to create a client key/cert PEM file and tell stunnel to
use that file (with the -p option or in stunnel.conf) whenever you use
stunnel in client mode.

More info here: http://forums.gentoo.org/viewtopic.php?p=376333

What I'd like to know is whether blinding is required on the client side
when NOT using an RSA cert for authentication.

Zach.

--
gentoo-dev@gentoo.org mailing list