On 11/3/2011 7:35 AM, Michal Trojnara wrote:
> I wrote:
>> Please test it and let us know if that's what you expected: ftp://ftp.stunnel.org/stunnel/stunnel-4.46b2.tar.gz
> I found an error! Please try: ftp://ftp.stunnel.org/stunnel/stunnel-4.46b3.tar.gz

Appears to be working, thanks. A couple of questions about verify=4:
1. Are the certificates restricted to the host(s) specified in them (CN, alt name)? Or will they validate any site that happens to return them?
2. I think some host restriction makes sense, but rather than use what's inside the cert, it would be good to allow the user to specify the host name(s) which a given cert should be restricted to.
3. The certificates are only used for server verification; they would never be treated as a CA, right?