<div dir="ltr">Hi Ludolf, <div><br></div><div>I meant the server's CApath directory (the one configured into stunnel.conf). </div><div><br></div><div>So the client must decrypt its copy of the key, but my stunnel server doesn't need to know the password, as I supposed. </div><div><br></div><div>Thank you </div><div><br></div><div>G</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-07-03 13:12 GMT+02:00 Ludolf Holzheid <span dir="ltr"><<a href="mailto:lholzheid@bihl-wiedemann.de" target="_blank">lholzheid@bihl-wiedemann.de</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On Fri, 2015-07-03 11:33:40 +0200, Giona Il Profeta wrote:<br>
> Hi all,<br>
><br>
> I have inherited an old stunnel installation, configured for mutual<br>
> authentication (verify=3) and I'm trying to figure out some of the choices<br>
> of the old sysadmin.<br>
><br>
> One of the client certificates in the CApath directory has its private key<br>
> encrypted with a password.<br>
><br>
> Is the client supposed to provide the password to decrypt the key when it<br>
> connects?<br>
<br>
</div></div>Which CApath?<br>
<br>
If it's the one on the client box: Yes, the client is supposed to<br>
enter the password when stunnel is started.<br>
<br>
If it's the one on the server box: The peer's private key is not used<br>
by stunnel, so no, there is no need for the password.<br>
<br>
HTH<br>
<br>
Ludolf<br>
<br>
<br>
--<br>
<br>
Ludolf Holzheid<br>
<br>
Bihl+Wiedemann GmbH<br>
Floßwörthstraße 41<br>
68199 Mannheim, Germany<br>
<br>
Tel: <a href="tel:%2B49%20621%2033996-0" value="+49621339960">+49 621 33996-0</a><br>
Fax: <a href="tel:%2B49%20621%203392239" value="+496213392239">+49 621 3392239</a><br>
<br>
mailto:<a href="mailto:lholzheid@bihl-wiedemann.de">lholzheid@bihl-wiedemann.de</a><br>
<a href="http://www.bihl-wiedemann.de" rel="noreferrer" target="_blank">http://www.bihl-wiedemann.de</a><br>
<br>
Registered office: Mannheim<br>
Managing directors: Jochen Bihl, Bernhard Wiedemann<br>
Mannheim District Court, HRB 5796<br>
_______________________________________________<br>
stunnel-users mailing list<br>
<a href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a><br>
<a href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users" rel="noreferrer" target="_blank">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a><br>
</blockquote></div><br></div>
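Following up on the point in the thread that the server never uses a peer's private key: the sketch below is an added example, not part of the original messages or of stunnel itself. It lists files in a CApath directory that still carry a PEM private-key block and reports whether the key is password-encrypted. The function names, sample file names and placeholder file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: function names and sample file names are hypothetical.

# List files in a CApath directory that carry a PEM private-key block.
# Prints "<state><TAB><file>", where state is "encrypted" or "plaintext".
# Hash symlinks are followed, so a key may appear under both names.
audit_capath() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        # Matches PKCS#8, encrypted PKCS#8 and traditional RSA/EC/DSA key headers.
        grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$f" || continue
        if grep -Eq -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
                    -e '^Proc-Type: 4,ENCRYPTED' "$f"; then
            printf 'encrypted\t%s\n' "$f"
        else
            printf 'plaintext\t%s\n' "$f"
        fi
    done
}

# Build a constructed sample directory (placeholder bodies, no real key material).
make_sample_capath() {
    cert='-----BEGIN CERTIFICATE-----
CONSTRUCTED-PLACEHOLDER
-----END CERTIFICATE-----'
    printf '%s\n' "$cert" '-----BEGIN RSA PRIVATE KEY-----' \
        'Proc-Type: 4,ENCRYPTED' 'DEK-Info: AES-256-CBC,CONSTRUCTED' '' \
        'CONSTRUCTED-PLACEHOLDER' '-----END RSA PRIVATE KEY-----' > "$1/client1.pem"
    printf '%s\n' "$cert" '-----BEGIN PRIVATE KEY-----' \
        'CONSTRUCTED-PLACEHOLDER' '-----END PRIVATE KEY-----' > "$1/client2.pem"
    printf '%s\n' "$cert" > "$1/client3.pem"
}

# Demo run on the constructed sample directory.
demo_dir=$(mktemp -d)
make_sample_capath "$demo_dir"
audit_capath "$demo_dir"
rm -rf "$demo_dir"
```

Run against the real directory by calling `audit_capath` with the CApath value from stunnel.conf; certificate-only files produce no output.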