Correction: The cert issuer is Startcom Ltd, not Startcom LLC.
--
Greetings;
Stunnel 4.56 running under Win 7 SP1 x86.
Recently, the owners of a server I regularly connect to updated their server certificate; the former had expired at the end of May.
As soon as that event occurred, I deleted the old certificate, then used the "save peer certificate" function of Stunnel to get the updated one.
However, the new certificate fails to verify, even with the verify = 4 option in Stunnel. The error message is similar to what I used to get when doing a verify = 3 with some certificates. The general error output of Stunnel is:
CERT: Verification error: unable to get local issuer certificate
2013.06.09 16:37:46 LOG4[608:2336]: Certificate check failed: depth=0
When I open the new certificate with:
openssl x509 -text -in certname.pem
and view the certificate details, I'm not seeing anything obvious. The certificate is within a valid date range, and contains the same basic elements as other certs I've viewed. The certificate appears to have been issued by Startcom LLC.
If I comment out the verify statement, I'm able to successfully negotiate an SSL connection with the server.
I realize that this may be more of an openssl issue than an issue with Stunnel. Nevertheless, I thought I'd start here and throw it out to the floor for comments.
Does anyone have any ideas, or has anyone run into this issue?
Regards,
Thomas