Hi Ludolf:
I understand what you're saying. Nevertheless, I'm under the impression that level 4's purpose was to ignore the CA chain entirely. From the Stunnel manual:
"level 4
Ignore CA chain and only verify peer certificate."
Regards,
Thomas
On 6/10/2013 4:33 AM, Ludolf Holzheid wrote:
On Sun, 2013-06-09 17:18:50 -0500, Thomas Eifert wrote:
[..]
CERT: Verification error: unable to get local issuer certificate 2013.06.09 16:37:46 LOG4[608:2336]: Certificate check failed: depth=0
I suppose it's what the error message says:
Stunnel tries to verify the new certificate by following the certificate chain down to a trusted root certificate, and fails checking the issuer of a certificate involved.
Maybe Startcom didn't only change the server certificate, but some intermediate certificates too. If this is the case, you may have to download and store the intermediate certificates so stunnel able to find them.
HTH,
Ludolf