You're not missing anything. I've experienced a similar issue. While verify = 4 generally works well in most cases and will ignore the CA chain, I've encountered a few isolated incidences in which I've had to append or "chain" the server certificate with the certificate of the CA. Give it a shot and see if it resolves your issue. Thomas On 7/8/2013 3:02 AM, dansmith wrote:
I would expect that level 4 only compares locally installed certificates, however I get the same behaviour as with level 3, stunnel expects a CA cert. Here'e the relevant log when on level 4
Jul 6 23:46:31 mmm stunnel: LOG7[7870:140491349628672]: Starting certificate verification: depth=0, /C=qq/ST=qq/O=qqq/OU=rer/CN=redf/emailAddress=rfd Jul 6 23:46:31 mmm stunnel: LOG4[7870:140491349628672]: CERT: Verification error: unable to get local issuer certificate Jul 6 23:46:31 mmm stunnel: LOG4[7870:140491349628672]: Certificate check failed: depth=0, /C=qq/ST=qq/O=qqq/OU=rer/CN=redf/emailAddress=rfd Jul 6 23:46:31 mmm stunnel: LOG7[7872:140080853112576]: SSL alert (read): fatal: unknown CA
What am I missing in understanding verify's level 4 ?
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-- Attention: This message and all attachments are private and may contain information that is confidential and privileged. If you received this message in error, please notify the sender by reply email and delete the message immediately.