Gentoo Archives: gentoo-dev

From: Zach Bagnall <yem@×××.net>
To: gentoo-dev@g.o
Subject: [gentoo-dev] stunnel blinding patch breaks client usage
Date: Fri, 20 Jun 2003 03:52:47
Message-Id: 20030620155243.03a3a324.yem@y3m.net
Hi all.

The blinding patch on stunnel tries to get the private key in order to
determine whether it is an RSA key and therefore RSA blinding is required.

The problem is that when stunnel is run in client mode, the key/cert is
optional. Stunnel dies because it can't access the key.

The workaround is to create a client key/cert PEM file and tell stunnel to
use that file (with the -p option or in stunnel.conf) whenever you use
stunnel in client mode.

More info here: http://forums.gentoo.org/viewtopic.php?p=376333

What I'd like to know is whether blinding is required on the client side
when NOT using an RSA cert for authentication.

Zach.

--
gentoo-dev@g.o mailing list