
15 May 2005, 11 p.m.
spambox@poczta.onet.pl wrote:
> Is there any difference between:
> - CAfile which contains ThawteServerCA and peer cert
> - CApath with ddc328ff.0 (ThawteServerCA) and 313fe585.0 (smtp.gmail.com peer cert) files

There's no difference other than that CAfile is a bit easier to set up, while CApath allows adding certificates without restarting stunnel.

>> No. You should download the peer certificate and verify it with verify=3.
>
> Instead of downloading can I obtain this peer cert this way?
> $ openssl s_client -connect smtp.gmail.com:465

Yes. That's the recommended way to download a certificate from an SSL server.

Best regards,
    Mike
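
Added example, not part of the original message or of stunnel: shell functions for the s_client download discussed above, keeping only the server's certificate and filing it under the subject-hash name that a CApath directory uses. The function names and the directory in the closing comment are assumptions, and the offline sample is constructed.

```shell
# Added example, not from the original post; function names are hypothetical.

# Print only the first PEM certificate (the server's own) from s_client output.
extract_first_cert() {
    awk '/-----BEGIN CERTIFICATE-----/ { p = 1 }
         p { print }
         /-----END CERTIFICATE-----/ { if (p) exit }'
}

# install_peer_cert DIR: store the certificate read from stdin in DIR under the
# <subject-hash>.N name that CApath lookups use, and print the resulting path.
install_peer_cert() {
    dir=$1
    tmp=$(mktemp) || return 1
    extract_first_cert > "$tmp"
    # Refuse input that does not parse as an X.509 certificate.
    if ! subj_hash=$(openssl x509 -in "$tmp" -noout -hash 2>/dev/null); then
        rm -f "$tmp"; return 1
    fi
    fp=$(openssl x509 -in "$tmp" -noout -fingerprint -sha256)
    mkdir -p "$dir" || return 1
    n=0
    # Another certificate may share the hash: take the next free suffix.
    while [ -e "$dir/$subj_hash.$n" ]; do
        old=$(openssl x509 -in "$dir/$subj_hash.$n" -noout -fingerprint -sha256 2>/dev/null) || old=
        if [ "$old" = "$fp" ]; then          # already installed
            rm -f "$tmp"; echo "$dir/$subj_hash.$n"; return 0
        fi
        n=$((n + 1))
    done
    mv "$tmp" "$dir/$subj_hash.$n" && chmod 644 "$dir/$subj_hash.$n" || return 1
    echo "$fp" >&2    # compare with a fingerprint obtained out of band
    echo "$dir/$subj_hash.$n"
}

# constructed_sample DIR: offline stand-in for s_client output, built around a
# throwaway self-signed certificate (constructed test data, written to DIR).
constructed_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/key.pem" \
        -out "$1/cert.pem" -subj "/CN=peer.example.test" -days 1 2>/dev/null
    { echo "CONNECTED(00000003)"; cat "$1/cert.pem"; echo "---"; }
}

# Live use (needs network; /etc/stunnel/certs is an assumed CApath directory):
#   openssl s_client -connect smtp.gmail.com:465 </dev/null 2>/dev/null |
#       install_peer_cert /etc/stunnel/certs
```

Fetching a certificate this way does not authenticate the server by itself, so compare the SHA-256 fingerprint printed on stderr with one obtained out of band before relying on the file with verify=3. OpenSSL 1.0.0 and later compute the subject hash differently from earlier releases, so generate the file name with the OpenSSL build that stunnel links against rather than copying an old name.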