Michal:
Thanks for taking the time to answer a question about a non-stunnel issue.
I saw the verify=4 in the manual, but was unsure about whether or not it validated against the locally installed certificate. I updated my stunnel.conf, and am no longer having any issues.
Thanks again; you are one of the unsung heroes.
Thomas
On 1/13/2012 11:17 AM, Michal Trojnara wrote:
Thomas Eifert wrote:
2012.01.12 14:05:01 LOG4[292:3840]: CERT: Verification error: unable to get local issuer certificate
Unfortunately sending root CA certificate within the chain is optional. This is why root CA certificate didn't make it to your peer-nntps3.pem.
The good news is that in recent versions of stunnel I implemented a solution for it:
verify = 3
Replace it with "verify = 4". This option only checks the peer certificate, and ignores all other certificates in the chain.
Mike _______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org http://stunnel.mirt.net/mailman/listinfo/stunnel-users