Carsten Krüger wrote in a great report:
I think it should work, * should match homie
It doesn't matter. Stunnel does not attempt to perform any DNS checks.
- connected with "openssl s_client -connect mail.neroon.com:995", pasted
cert to dreamhost.pem
For some reason OpenSSL is not able to authenticate against this certificate:
$ openssl s_client -verify 1 -CAfile dreamhost.pem -connect mail.neroon.com:995 2>&1 | head -4 verify depth is 1 depth=0 /C=US/ST=California/L=Brea/O=Dreamhost.com/OU=Security/CN=*.mail.dreamhost.com/emailAddress=support@dreamhost.com verify error:num=20:unable to get local issuer certificate verify return:1
s_client tool is intended for testing only, so it displays the error and than ignores it. See the manual for details.
I guess there is either something wrong with the certificate or with OpenSSL.
Best regards, Mike