On Tue, 2011-10-25 16:32:35 -0400, al_9x@yahoo.com wrote:
I am not dealing with my own certs or signing or revoking anything; I am making a client connection and want to validate the server cert by comparing it to the locally stored cert (verify=3). For this type of validation the server cert should be sufficient.
al_9x,
The server is using its certificate (the associated private key, to be exact) for signing the session key, and this signature has to be valid.
Moreover, just comparing the certificates with the installed ones would turn them into simple passwords.
If you are running stunnel with verify=3, why don't you use self-signed certificates?
Ludolf
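
A client-side stunnel configuration for the setup suggested in the reply above, added here as an illustration and not part of the original thread. The service name, addresses and file path are assumptions.

```ini
; Added example: stunnel client that pins a self-signed server certificate.
; The service name, addresses and file path below are hypothetical.

[pinned-service]
client  = yes
accept  = 127.0.0.1:8080
connect = server.example.com:443

; verify = 3: the peer certificate must match a locally installed one.
verify  = 3

; PEM copy of the server's self-signed certificate. A self-signed
; certificate is its own issuer, so this one file is enough for stunnel
; to validate it and no separate CA certificate has to be installed.
CAfile  = /etc/stunnel/server-selfsigned.pem
```

The TLS handshake still requires the server to prove possession of the matching private key, so a copied certificate alone does not let another host pass this check.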