Re: [stunnel-users] Weird verify behaviour using intermediate CAs

On Mon, 05 Oct 2009 15:09:02 +0200 delaage.pierre@free.fr wrote:

Good new, "Actually, it also works when using CApath". I suppose you mean it also works without (it should).

It does (see the first two points). Both do.

Since you are not using verify=3, you do not need CApath and it seems that it can only lead to bugs in your setup.I even wonder what you could put in that directive that could make sense in your config.

I've grown into the habit of using CApath since some CRL-checking daemons do not provide for a separate CRLfile/CRLpath parameter and use the same directory for trusted CAs and corresponding CRLs. It's mostly a convenience setup so I can reuse existing scripts et al.

Regards, Simon