Dan,
I use verify = 4 with seven different servers, but it only misbehaves with one of them. There must be some aspect of the certificate that either OpenSSL or Stunnel is having an issue with.
Regards,
Thomas
On 7/11/2013 2:00 AM, dansmith wrote:
Thank you for clarifying. I generated a new self-signed certificate and verify=4 works.
However, when I generate a non-self-signed certificate signed by a third party CA, "verify=4" gives me the same error as in my initial post. It still expects to find CA's certificate together with the server's certificate in CAfile. The description in manpage is:*
level 4* Ignore CA chain and only verify peer certificate.
Apparently the description is inaccurate.
stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users