我使用的是 CentOS Linux 版本 v7.9.2009 (Core),已进行最新更新。
首先,我在那里安装了最新版本的 OpenSSL。
以下是安装命令:
cd ~
wget https://www.openssl.org/source/openssl-3.0.7.tar.gz
tar -zxvf openssl-3.0.7.tar.gz
yum install -y perl-IPC-Cmd
cd openssl-3.0.7
./Configure
make
make install
ln -s /usr/local/lib64/libssl.so.3 /usr/lib64/libssl.so.3
ln -s /usr/local/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3
sudo ldconfig
reboot
openssl version -d
OPENSSLDIR: "/usr/local/ssl"
现在我使用以下命令安装了最新版本的 stunnel:
wget ftp://ftp.stunnel.org/stunnel/archive/5.x/stunnel-5.67.tar.gz
sudo yum -y install tar
sudo yum -y update tar
tar -xvzf stunnel-5.67.tar.gz
cd stunnel-5.67
rm -rf stunnel-5.67 > This Is For Learn
groupadd -g 51 stunnel &&
useradd -c "stunnel Daemon" -d /var/lib/stunnel \
-g stunnel -s /bin/false -u 51 stunnel
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --disable-systemd --with-ssl=/usr/local
make
make docdir=/usr/share/doc/stunnel-5.67 install
通过这些命令,我将 stunnel 的 ssl 版本更改为当前 OpenSSL 版本,即 v3.0.7。
我使用命令创建了一个简单的证书make cert。(stunnel.pem)
这是 stunnel 配置文件:
[Server]
client = no
accept = 11523
connect = 127.0.0.1:11869
cert = stunnel.pem
这是信息处理程序情况 :
sysctl crypto.fips_enabled
- 结果 -
crypto.fips_enabled = 0
现在运行 stunnel 后我收到此错误:
[ ] Initializing inetd mode configuration
[ ] Clients allowed=500
[.] stunnel 5.67 on x86_64-pc-linux-gnu platform
[.] Compiled/running with OpenSSL 3.0.7 1 Nov 2022
[.] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI
[ ] errno: (*__errno_location ())
[ ] Initializing inetd mode configuration
[.] Reading configuration from file /etc/stunnel/stunnel.conf
[.] UTF-8 byte order mark not detected
[.] FIPS mode disabled
[ ] Compression disabled
[ ] No PRNG seeding was required
[ ] Initializing service [Server]
[ ] stunnel default security level set: 2
[ ] Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
[ ] TLSv1.3 ciphersuites: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
[ ] TLS options: 0x2100000 (+0x0, -0x0)
[ ] Session resumption enabled
[ ] Loading certificate from file: stunnel.pem
[!] error queue: ssl/ssl_rsa.c:448: error:0A080002:SSL routines::system lib
[!] error queue: crypto/bio/bss_file.c:300: error:10080002:BIO routines::system lib
[!] SSL_CTX_use_certificate_chain_file: crypto/bio/bss_file.c:297: error:80000002:system library::No such file or directory
[!] Service [certificate-based Server]: Failed to initialize TLS context
[!] Configuration failed
[ ] Deallocating temporary section defaults
[ ] Deallocating section [Server]
我怎样才能修复该错误?
答案1
CentOS 7 上的 Stunnel 服务器 - TLS 选项:0x2100000(+0x0,-0x0)错误
这不是错误,只是设置了 TLS 选项的调试信息
我怎样才能修复该错误?
你的真正错误是这样的:
[ ] Loading certificate from file: stunnel.pem [!] error queue: ssl/ssl_rsa.c:448: error:0A080002:SSL routines::system lib [!] error queue: crypto/bio/bss_file.c:300: error:10080002:BIO routines::system lib [!] SSL_CTX_use_certificate_chain_file: crypto/bio/bss_file.c:297: error:80000002:system library::No such file or directory
这意味着证书路径指向不存在或无法通过 stunnel 访问的证书。
cert = stunnel.pem
这里只给出了相对路径。请使用绝对路径(例如/etc/stunnel/stunnel.pem),这样它就不会依赖于 stunnel 的当前工作目录。还要确保权限允许访问。
答案2
确保配置或变量指向正确的位置,并且必须具有正确的路径和正确的文件名。
cert = <yourpem>.pem
key = <yourkey>.key
任何 OPENSSL 环境变量也应该指向正确的文件和位置。