I have inherited an old stunnel installation, configured for mutual authentication (verify=3) and I'm trying to figure out some of the choices of the old sysadmin.

One of the client certificates in the CApath directory has its private key encrypted with a password. 

Is the client supposed to provide the password to decrypt the key when it connects?

Thank you

G