On Thu, 2011-02-10 10:28:42 -0600, Dave wrote:
> [..]
> If I set the verify level to 3 and try to start stunnel, it won't start and says:
> "Either CApath or CAfile has to be used for authentication"
> If I have a self-signed cert, what needs to be in this file for things to work? I guess perhaps I am unsure how to locally install my cert? I thought it was already, as it's defined elsewhere in the config (cert = ....)?
Dave,
o cert= defines the certificate (and public key) to be presented to the other end of the tunnel.
o key= defines the private key to be used for decryption (and thus has to match the public key given in cert=)
o CApath= and CAfile= define the location of certificates of CAs and/or valid peers.
That is, the location of _your_ keys and certificate is given by cert= and key=. The location of the _CA_ certificate (verify level=2) or the certificates of the _peers_ (verify level=3) is given by CApath= or CAfile=.
You install a certificate of a valid peer by copying it to the directory given by CApath= and running c_rehash on this directory, or by appending it to the file given by CAfile=.
HTH,
Ludolf
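Worked example of the setup Ludolf describes, added here and not part of the original mail: a small POSIX sh script that renders a stunnel service section (cert=/key= for the local identity, verify= plus CAfile= or CApath= for the trusted peers) and installs a peer certificate either by appending to a CAfile or by copying into a CApath and rehashing it. The service name, the accept/connect ports and the /etc/stunnel/... paths are placeholders chosen for illustration; the rehash step uses `openssl rehash` where available and falls back to the c_rehash script named in the mail.

```shell
#!/bin/sh
# Added example, not from the original thread. Paths and ports below are placeholders.

# Render one [service] section for stunnel.conf.
#   cert=/key=        : OUR certificate and matching private key (what we present)
#   verify=2          : peer cert must be signed by a CA found in CAfile/CApath
#   verify=3          : the peer's own certificate must be present in CAfile/CApath
# $1 service name, $2 verify level, $3 trust key (CAfile|CApath), $4 trust path
stunnel_service_conf() {
cat <<EOF
[$1]
accept  = 443
connect = 8080
cert    = /etc/stunnel/server.pem
key     = /etc/stunnel/server.key
verify  = $2
$3 = $4
EOF
}

# Install a peer certificate so stunnel will accept it at verify=3.
# $1 path to the peer's PEM certificate
# $2 destination: an existing directory is treated as CApath, anything else as CAfile
install_peer_cert() {
  cert=$1
  dest=$2
  if [ -d "$dest" ]; then
    # CApath mode: OpenSSL finds certificates by subject-name hash, so the
    # directory must be rehashed after every addition (c_rehash / openssl rehash).
    cp "$cert" "$dest/"
    if ! { command -v openssl >/dev/null 2>&1 && openssl rehash "$dest" >/dev/null 2>&1; } \
       && ! c_rehash "$dest" >/dev/null 2>&1; then
      echo "warning: could not rehash $dest; run c_rehash on it before starting stunnel" >&2
    fi
  else
    # CAfile mode: a CAfile is simply a concatenation of PEM certificates.
    cat "$cert" >> "$dest"
  fi
}

# Number of certificates in a CAfile (one BEGIN CERTIFICATE block per trusted peer/CA).
count_certs() {
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Example usage (placeholders; the peer certificate file is assumed to exist):
#   install_peer_cert /tmp/peer.pem /etc/stunnel/trusted-peers.pem
#   stunnel_service_conf https 3 CAfile /etc/stunnel/trusted-peers.pem >> /etc/stunnel/stunnel.conf
```

With verify=3 the second argument of `stunnel_service_conf` is the file (or directory) that must contain the peer's certificate; with verify=2 it is the CA that signed the peer's certificate. Either way, `cert=` and `key=` stay pointed at the local server's own pair, which is what the original question was mixing up.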