Hi,
If I hash the client certificates and put them in a folder (with file names <hash>.0), and use the CAPath parameter on the server, together with verify=3, the server's Certificate Request message contains an empty list of "Distinguished Names". However, if I put the client certificates concatenated in a .pem file, and use the CAFile parameter on the server, the Certificate Request message does contain the Distinguished Names.
Is this the correct behavior? I thought CAFile and CAPath worked more or less in the same way, but perhaps the Certificate Request message is implemented differently, depending on if you use CAFile or CAPath? My preferred way is to use CAPath: Is there some way I can get the Distinguished Names not to be empty, when using CAPath?
I'm on Windows, using stunnel version 5.49, currently.
Thanks in advance! Kind regards, /David