CAfile = ThawteServerCA.txt
In my example I'm not using the "CApath" option. Is there any difference between:
- CAfile which contains ThawteServerCA and the peer cert
- CApath with ddc328ff.0 (ThawteServerCA) and 313fe585.0 (smtp.gmail.com peer cert) files
Both ways work fine.
No. You should download the peer certificate and verify it with verify=3.
Instead of downloading, can I obtain this peer cert this way?
$ openssl s_client -connect smtp.gmail.com:465
It's much better to have verify=3 and the exact certificate used by the server as the CAfile parameter.
That's the solution. Thank you.
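
Added example, not part of the original thread: a shell helper that keeps only the server certificate from the `openssl s_client` output asked about above, so it can be saved as the CAfile used with verify=3. The function names `first_pem_cert` and `sample_s_client_output` and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Keep only the first PEM certificate block from `openssl s_client` output on stdin.
# s_client prints the server (leaf) certificate first; with -showcerts the rest
# of the chain follows, and those later blocks are dropped here.
first_pem_cert() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { inside = 1 }
        inside                        { print }
        /-----END CERTIFICATE-----/   { if (inside) exit }
    '
}

# Constructed sample of s_client output. The base64 bodies are placeholders,
# not real certificates, and the host names are made up.
sample_s_client_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = smtp.example.test
-----BEGIN CERTIFICATE-----
TEVBRi1QTEFDRUhPTERFUg==
-----END CERTIFICATE-----
 1 s:CN = Example Test CA
-----BEGIN CERTIFICATE-----
Q0EtUExBQ0VIT0xERVI=
-----END CERTIFICATE-----
---
Server certificate
subject=CN = smtp.example.test
EOF
}

# Live use (needs network access). A certificate fetched this way is only as
# trustworthy as the connection it came over, so compare the fingerprint with
# one obtained through a separate channel before using the file as CAfile:
#   openssl s_client -connect smtp.gmail.com:465 </dev/null 2>/dev/null \
#       | first_pem_cert > peer.pem
#   openssl x509 -in peer.pem -noout -subject -issuer -fingerprint -sha256
```

With verify=3 the pinned file has to be refreshed whenever the server replaces its certificate, otherwise connections will start failing verification.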