From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 767 invoked by uid 1002); 20 Jun 2003 03:52:47 -0000 Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Received: (qmail 19683 invoked from network); 20 Jun 2003 03:52:47 -0000 Date: Fri, 20 Jun 2003 15:52:43 +1200 From: Zach Bagnall To: gentoo-dev@gentoo.org Message-Id: <20030620155243.03a3a324.yem@y3m.net> X-Mailer: Sylpheed version 0.8.9 (GTK+ 1.2.10; i686-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: [gentoo-dev] stunnel blinding patch breaks client usage X-Archives-Salt: 8ef73926-dbcb-47c0-af12-d00c6dbb1745 X-Archives-Hash: 909b88ff788efca9d872adf4235de58c Hi all. The blinding patch on stunnel tries to get the private key in order to determine whether it is an RSA key and therefore RSA blinding is required. The problem is that when stunnel is run in client mode, the key/cert is optional. Stunnel dies because it can't access the key. The workaround is to create a client key/cert PEM file and tell stunnel to use that file (with the -p option or in stunnel.conf) whenever you use stunnel in client mode. More info here: http://forums.gentoo.org/viewtopic.php?p=376333 What I'd like to know is whether blinding is required on the client side when NOT using an RSA cert for authentication. Zach. -- gentoo-dev@gentoo.org mailing list