The blinding patch on stunnel tries to get the private key in order to
determine whether it is an RSA key and therefore RSA blinding is required.
The problem is that when stunnel is run in client mode, the key/cert is
optional. Stunnel dies because it can't access the key.
The workaround is to create a client key/cert PEM file and tell stunnel to
use that file (with the -p option or in stunnel.conf) whenever you use
stunnel in client mode.
More info here: http://forums.gentoo.org/viewtopic.php?p=376333
What I'd like to know is whether blinding is required on the client side
when NOT using an RSA cert for authentication.
firstname.lastname@example.org mailing list