spambox@poczta.onet.pl wrote:
Is there any difference between:
- CAfile which contains ThawteServerCA and peer cert
- CApath with ddc328ff.0 (ThawteServerCA) and 313fe585.0 (smtp.gmail.com
peer cert) files
There's no difference other than that CAfile is a bit easier to set up, while CApath allows adding certificates without restarting stunnel.
No. You should download the peer certificate and verify it with verify=3.
Instead of downloading can I obtain this peer cert this way? $ openssl s_client -connect smtp.gmail.com:465
Yes. That's the recommended way to download a certificate from an SSL server.
Best regards, Mike
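
The procedure discussed in this thread, as an added example that is not part of the original messages or the stunnel project: fetch the peer certificate with `openssl s_client`, print its fingerprint for out-of-band comparison, and install it into a CApath directory under the `<subject-hash>.<n>` name. The function names, the `/etc/stunnel/certs` path and the throwaway test certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical helpers.

# Fetch the peer certificate as PEM; "$1" is host:port, e.g. smtp.gmail.com:465.
# The download itself is unauthenticated, so compare the fingerprint out of band.
fetch_peer_cert() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null | openssl x509 -outform PEM
}

# SHA-256 fingerprint of a PEM certificate file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Copy a PEM certificate into a CApath directory as <subject-hash>.<n>,
# the naming seen in the thread (ddc328ff.0, 313fe585.0). Prints the new path.
install_into_capath() {
    pem=$1; dir=$2
    hash=$(openssl x509 -in "$pem" -noout -hash) || return 1
    fp=$(cert_fingerprint "$pem") || return 1
    mkdir -p "$dir" || return 1
    n=0
    while [ -e "$dir/$hash.$n" ]; do
        # Same certificate already installed: nothing to do.
        if [ "$(cert_fingerprint "$dir/$hash.$n")" = "$fp" ]; then
            echo "$dir/$hash.$n"; return 0
        fi
        n=$((n + 1))   # different cert, same subject hash: use the next suffix
    done
    openssl x509 -in "$pem" -outform PEM -out "$dir/$hash.$n" || return 1
    echo "$dir/$hash.$n"
}

# Offline demo with a constructed, throwaway self-signed certificate.
demo_constructed() {
    tmp=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=constructed.example" \
        -days 1 -keyout "$tmp/key.pem" -out "$tmp/peer.pem" 2>/dev/null || return 1
    install_into_capath "$tmp/peer.pem" "$tmp/certs"
}

# Live use (needs network; /etc/stunnel/certs is an assumed CApath location):
#   fetch_peer_cert smtp.gmail.com:465 > peer.pem
#   cert_fingerprint peer.pem
#   install_into_capath peer.pem /etc/stunnel/certs
```

With `verify=3` the connection fails once the server rotates its certificate, so the fetch, fingerprint check and install have to be repeated at that point.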