Hi Ludolf,
I meant the server's CApath directory (the one configured into stunnel.conf).
So the client must decrypt its copy of the key, but my stunnel server doesn't need to know the password, as I supposed.
Thank you
G
2015-07-03 13:12 GMT+02:00 Ludolf Holzheid lholzheid@bihl-wiedemann.de:
On Fri, 2015-07-03 11:33:40 +0200, Giona Il Profeta wrote:
Hi all,
I have inherited an old stunnel installation, configured for mutual authentication (verify=3) and I'm trying to figure out some of the choices of the old sysadmin.
One of the client certificates in the CApath directory has its private key encrypted with a password.
Is the client supposed to provide the password to decrypt the key when it connects?
Which CApath?
If it's the one on the client box: Yes, the client is supposed to enter the password when stunnel is started.
If it's the one on the server box: The peer's private key is not used by stunnel, so no, there is no need for the password.
HTH
Ludolf
--
Ludolf Holzheid
Bihl+Wiedemann GmbH Floßwörthstraße 41 68199 Mannheim, Germany
Tel: +49 621 33996-0 Fax: +49 621 3392239
mailto:lholzheid@bihl-wiedemann.de http://www.bihl-wiedemann.de
Registered office: Mannheim. Managing directors: Jochen Bihl, Bernhard Wiedemann. Amtsgericht Mannheim (district court), HRB 5796
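Since, as the reply above states, stunnel does not use the peer's private key, any key block sitting in the server's CApath directory is material the server never needs. The following is an added example, not part of the thread or of stunnel itself, that lists which files in such a directory carry private key blocks and whether they are encrypted; the file names and PEM bodies are constructed placeholders, and the function names are hypothetical.

```python
import re
import tempfile
from pathlib import Path

# PEM labels that mark private key material (PKCS#8, encrypted PKCS#8, legacy RSA/EC/DSA).
KEY_BLOCK = re.compile(r"-----BEGIN ((?:ENCRYPTED |RSA |EC |DSA )?PRIVATE KEY)-----")
CERT_BLOCK = "-----BEGIN CERTIFICATE-----"

def classify_pem(text):
    """Return (has_cert, key_kind); key_kind is None, 'encrypted' or 'plaintext'."""
    has_cert = CERT_BLOCK in text
    match = KEY_BLOCK.search(text)
    if not match:
        return has_cert, None
    # Encrypted PKCS#8 has its own label; legacy encrypted keys carry a Proc-Type header.
    encrypted = (match.group(1).startswith("ENCRYPTED")
                 or "Proc-Type: 4,ENCRYPTED" in text)
    return has_cert, "encrypted" if encrypted else "plaintext"

def audit_capath(directory):
    """Map file name -> key_kind for every file in the directory that holds a private key."""
    findings = {}
    for path in sorted(Path(directory).iterdir()):
        if path.is_file():
            _, kind = classify_pem(path.read_text(errors="replace"))
            if kind:
                findings[path.name] = kind
    return findings

def demo():
    """Build a constructed directory (placeholder bodies, not real keys) and audit it."""
    cert = "-----BEGIN CERTIFICATE-----\nMIIB(constructed)\n-----END CERTIFICATE-----\n"
    pkcs8 = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIF(constructed)\n"
             "-----END ENCRYPTED PRIVATE KEY-----\n")
    legacy = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-256-CBC,00\n\n(constructed)\n-----END RSA PRIVATE KEY-----\n")
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "client1.pem").write_text(cert)           # certificate only
        (Path(d) / "client2.pem").write_text(cert + pkcs8)   # cert + encrypted PKCS#8 key
        (Path(d) / "client3.pem").write_text(cert + legacy)  # cert + legacy encrypted key
        return audit_capath(d)

if __name__ == "__main__":
    for name, kind in demo().items():
        print(f"{name}: contains {kind} private key; only the certificate is needed here")
```
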