<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">Hello again,<br>
      More precisely : that option should be set on the machine that has
      generated the certificate : probably not your "client" one...<br>
      but a kind of CA server somewhere...<br>
      <br>
      Not related at all to stunnel. <br>
      <br>
      You should subscribe to openssl mailing lists here :<br>
      <a class="moz-txt-link-freetext" href="http://www.openssl.org/support/community.html">http://www.openssl.org/support/community.html</a><br>
      <br>
      Best<br>
      Pierre Delaage<br>
      <br>
      <br>
      Le 11/03/2014 05:31, Athir Nuaimi a écrit :<br>
    </div>
    <blockquote
cite="mid:CAEGfm8WK5=3rg7ZGv53E+eTnPBsE_JDXWxiQy1jfwV2k07hmFw@mail.gmail.com"
      type="cite">
      <div dir="ltr">I'm trying to write a go program to connect to an
        stunnel server and verify the certificate but it fails because
        the go language requires that self-signed certs have keyCertSign
        set in the keyUsages.  the default stunnel.cnf does not set
        this.  According to the following message thread this is
        required by RFC 5280.
        <div>
          <br>
          <div><a moz-do-not-send="true"
href="https://groups.google.com/forum/#%21msg/golang-nuts/LfLHjVkeSj8/YyP-LSPEytEJ">https://groups.google.com/forum/#!msg/golang-nuts/LfLHjVkeSj8/YyP-LSPEytEJ</a><br>
          </div>
          <div>
            <div><br>
            </div>
            <div>The solution to this is to add 'keyUsage = keyCertSign'
              to the stunnel.cnf.</div>
          </div>
        </div>
        <div><br>
        </div>
        <div><br>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
stunnel-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a>
<a class="moz-txt-link-freetext" href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>