Hi, I'm new to stunnel, and I'm trying to configure a server that accepts TCP socket connections only from clients that have a pre-shared certificate. Looking at the online documentation I found the verifyPeer option, but it is described as being used on the client side. Trying to use it on the server side, I achieved my goal, but only if the client has the whole certificate (private + public). My question is: can I obtain the same result in some way by sharing only the public part of the certificate?
Currently I'm using a configuration like this one (skipping the accept and connect options):
[Server]
cert=wholeCert.pem
verifyPeer=yes

[Client]
cert=wholeCert.pem
verifyPeer=yes
CAFile=wholeCert.pem
and I'm looking for something like:
[Server]
cert=wholeCert.pem
verifyPeer=yes

[Client]
verifyPeer=yes
CAFile=publicCert.pem
If I try this second option, the server refuses the connection in the handshake phase, saying that the client didn't provide any certificate. Is there a way to achieve this?
Thank you.
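
An added configuration sketch, not part of the original post and not taken from the stunnel project: TLS client authentication requires the client to prove possession of a private key, so a client holding only a public certificate has nothing to present. The usual layout gives each side its own key pair and exchanges only the public certificates. All file names below are assumed for illustration, and accept/connect are omitted as in the post.

```ini
; ---- server side: stunnel.conf (file names are assumptions) ----
[Server]
; the server's own key pair; the private key never leaves this host
cert = serverCertAndKey.pem
; require a client certificate and accept only the one(s) in CAfile
verifyPeer = yes
; public part of the client's certificate only
CAfile = clientPublicCert.pem

; ---- client side: stunnel.conf (file names are assumptions) ----
[Client]
client = yes
; the client's own key pair, generated separately from the server's
cert = clientCertAndKey.pem
; pin the server: accept only the certificate stored in CAfile
verifyPeer = yes
; public part of the server's certificate only
CAfile = serverPublicCert.pem
```

With this layout the server's private key is never copied to clients, and an individual client can be removed by deleting its certificate from the server's CAfile.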