I'm trying to write a go program to connect to an stunnel server and verify the certificate but it fails because the go language requires that self-signed certs have keyCertSign set in the keyUsages. the default stunnel.cnf does not set this. According to the following message thread this is required by RFC 5280.
The solution to this is to add 'keyUsage = keyCertSign' to the stunnel.cnf.
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users