Hi Guys,

Thank you for your feedback.  I will re-test this feature.

Best regards,
    Michal Trojnara

On 2013-07-08 18:32, Thomas Eifert wrote:

You're not missing anything.  I've experienced a similar issue.  While
verify = 4 generally works well in most cases and will ignore the CA
chain, I've encountered a few isolated incidences in which I've had to
append or "chain" the server certificate with the certificate of the
CA. Give it a shot and see if it resolves your issue.

Thomas

On 7/8/2013 3:02 AM, dansmith wrote:

I would expect that level 4 only compares locally installed
certificates, however I get the same behaviour as with level 3, stunnel
expects a CA cert.
Here'e the relevant log when on level 4

Jul  6 23:46:31 mmm stunnel: LOG7[7870:140491349628672]: Starting
certificate verification: depth=0,
/C=qq/ST=qq/O=qqq/OU=rer/CN=redf/emailAddress=rfd
Jul  6 23:46:31 mmm stunnel: LOG4[7870:140491349628672]: CERT:
Verification error: unable to get local issuer certificate
Jul  6 23:46:31 mmm stunnel: LOG4[7870:140491349628672]: Certificate
check failed: depth=0, /C=qq/ST=qq/O=qqq/OU=rer/CN=redf/emailAddress=rfd
Jul  6 23:46:31 mmm stunnel: LOG7[7872:140080853112576]: SSL alert
(read): fatal: unknown CA

What am I missing in understanding verify's level 4 ?




_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users