Hi, I've recently set up stunnel for a remote VNC connection, and it's working great. However, I would like to restrict access based on cert (only allow access to a single public key), because nobody else should be accessing it besides my one machine.
It seems what I want is to set verify = 3, but I'm using self-signed certs on my client, so verify = 3 fails.
Is there some way to verify the client public key without doing the self-signed test too?
I'm sorry if this is a FAQ -- I searched the lists and read the FAQ and couldn't find anything.
Thanks!
(I'm running stunnel 4.04 on fedora1, and stunnel 4.04 on mac 10.3.7, installed via fink)
My stunnel.conf is pretty simple.

Client conf is (sans connection info):

    client = yes
    cert = /sw/etc/stunnel/stunnel.pem
    chroot = /var/run/stunnel/
    pid = /stunnel.pid
    setuid = stunnel
    setgid = stunnel

Server conf is:

    client = no
    cert = /etc/stunnel/stunnel.pem
    CApath = /etc/stunnel/clientdb
    chroot = /var/run/stunnel/
    verify=3
    pid = /stunnel.pid
    setuid = stunnel
    setgid = stunnel

-------------------------------------------- MobyGames http://www.mobygames.com The world's largest and most comprehensive gaming database project
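
An added example, not part of the original post and not stunnel's own code: a shell lint for a server config like the one above. It assumes, per the stunnel manual, that CApath is resolved inside the chroot jail and that certificates there must carry OpenSSL subject-hash names; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helpers): lint a stunnel server config that pins
# client certs with verify = 3. Assumes stunnel's documented behaviour.

# Print the value of a "key = value" option; the last occurrence wins.
conf_get() {  # usage: conf_get FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Print the directory that is really searched: CApath is looked up inside
# the chroot jail, so the chroot value is prepended when one is set.
effective_capath() {  # usage: effective_capath FILE
    jail=$(conf_get "$1" chroot)
    capath=$(conf_get "$1" CApath)
    [ -n "$capath" ] || return 1
    if [ -n "$jail" ]; then
        printf '%s\n' "${jail%/}/${capath#/}"
    else
        printf '%s\n' "$capath"
    fi
}

# List entries in DIR that are not named <8 hex digits>.<digit>, the
# subject-hash form OpenSSL needs to find a certificate in a CApath.
unhashed_certs() {  # usage: unhashed_certs DIR
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        case "${f##*/}" in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]) ;;
            *) printf '%s\n' "${f##*/}" ;;
        esac
    done
}

# Return 0 only if the pinning setup looks usable; print the first problem.
lint_pinning() {  # usage: lint_pinning FILE
    dir=$(effective_capath "$1") || { echo "CApath is not set"; return 1; }
    [ "$(conf_get "$1" verify)" = 3 ] || { echo "verify is not 3"; return 1; }
    [ -d "$dir" ] || { echo "CApath resolves to missing $dir"; return 1; }
    [ -n "$(ls -A "$dir")" ] || { echo "$dir holds no certificates"; return 1; }
    bad=$(unhashed_certs "$dir")
    [ -z "$bad" ] || { echo "not hash-named in $dir: $bad"; return 1; }
}

# A pinned cert is linked under its hash name, run inside the CApath dir:
#   ln -s client.pem "$(openssl x509 -hash -noout -in client.pem).0"
```

Source the file and call lint_pinning with the path to the server's stunnel.conf; it prints the first problem found and returns non-zero.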