Re: [stunnel-users] Why does verify=3 require the entire cert chain to be present in cafile?

2 Nov 2011


      On Wed, 2011-11-02 05:41:57 -0400, al_9x@yahoo.com wrote:
...
The concept of trusted server certs (as opposed to trusted authority  
certs) is well established.  Firefox cert manager, for example, has a  
servers tab where you can import and trust specific server certs (self  
signed and not)
And Firefox accepts such certificates even if they can't be validated
(and thus are to be considered invalid)? I would regard this as a bug
or at least as a design flaw...
BTW, Firefox comes with about 200 certificates installed, and 200 is
much larger than five, which seems to be a pain for you.
Ludolf
-- 

---------------------------------------------------------------
Ludolf Holzheid             Tel:    +49 621 339960
Bihl+Wiedemann GmbH         Fax:    +49 621 3392239
Floßwörthstraße 41          e-mail: lholzheid@bihl-wiedemann.de
D-68199 Mannheim, Germany
---------------------------------------------------------------

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [stunnel-users] Why does verify=3 require the entire cert chain to be present in cafile?