Hi Ludolf:
I understand what you're saying. Nevertheless, I'm under the impression
that level 4's purpose was to ignore the CA chain entirely. From the
Stunnel manual:
"level 4
Ignore CA chain and only verify peer certificate."
Regards,
Thomas
On 6/10/2013 4:33 AM, Ludolf Holzheid wrote:
On Sun, 2013-06-09 17:18:50 -0500, Thomas Eifert wrote:
[..]
CERT: Verification error: unable to get local issuer certificate
2013.06.09 16:37:46 LOG4[608:2336]: Certificate check failed: depth=0
I suppose it's what the error message says:
Stunnel tries to verify the new certificate by following the
certificate chain down to a trusted root certificate, and fails
checking the issuer of a certificate involved.
Maybe Startcom didn't only change the server certificate, but some
intermediate certificates too. If this is the case, you may have to
download and store the intermediate certificates so stunnel able to
find them.
HTH,
Ludolf
--
Attention: This message and all attachments are private and may contain information that is confidential and privileged. If you received this message in error, please notify the sender by reply email and delete the message immediately.
_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users