Hi,<div><br></div><div>I have a problem which Google did not help me with. A communications partner of one of our customers wants to connect their SAP Business Connector to our platform using HTTPS. Our software does not have SSL/TLS implemented, we rather use stunnel for all communications links, inbound or outbound, where the customer or partner wants to use HTTPS with client authentication.</div>
<div><br></div><div>The normal setup is "verify = 3" and the complete certificate chain for each partner is put into the CA path. In most cases, this works without problems. However, in the handshake, after the server certificate is sent and stunnel asks the client to send a client certificate, stunnel sends an empty list of triusted CAs. SAP BC expects the list of supported CAs to contain certificates, instead of being empty. My hope was that using "verify = 2" might help, so I have configured a new server instance of stunnel, and have copied the certificate of the partner's own CA into the CA path.</div>
<div><br></div><div>Unfortunately, the partner says it still does not work, and the log file shows they still do not send their certificate when the server asks for a client cert. It seems that stunnel still returns an empty list of trusted CAs, which causes SAP BC to find no certificate to send.</div>
<div><br></div><div>Is there any way I can configure stunnel to send back either every certificate found in a path or file, or at least to send back some fixed value for the trusted CAs?</div><div><br></div>