Re: [stunnel-users] Why does verify=3 require the entire cert chain to be present in cafile?

2 Nov 2011


      On Tue, 2011-11-01 23:11:45 -0400, al_9x@yahoo.com wrote:
...
On 10/15/2011 6:37 AM, al_9x@yahoo.com wrote:
...
If the leaf (server) cert is declared trusted (added to the cafile),  
there is no point in walking the trust chain.
Michal Trojnara, can you comment please?  Can you support a mode of  
validation that allows one to trust the server certificate, without  
having to add the whole chain?
al_9x,
I think the technical issue has been discussed already.
Could you please provide a rationale for insisting in not using
self-singed certificates /and/ for refusing to have the one or two
additional certificates installed?
Ludolf
-- 

---------------------------------------------------------------
Ludolf Holzheid             Tel:    +49 621 339960
Bihl+Wiedemann GmbH         Fax:    +49 621 3392239
Floßwörthstraße 41          e-mail: lholzheid@bihl-wiedemann.de
D-68199 Mannheim, Germany
---------------------------------------------------------------

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [stunnel-users] Why does verify=3 require the entire cert chain to be present in cafile?