Hi,
I searched a lot on google, in the archives, and in the FAQ page, but could not find the differences between verify levels 2 and 3, other than the one line explanation given on the FAQ/man page.
Specifically, I want to ask:
1. Is verify level 3 same as 2, but asks for client certificates as well? (Seems unlikely but still..)
2. Since verify level 2 also demands CApath/CAfile to be present, then it also is ultimately verifying against locally installed certs, which is supposed to be level 3's behaviour?
Thanks & regards,
Sandeep Kumar
http://web.iiit.ac.in/~sandeep_kr
Sorry to send another mail. But I just want to ask if my mail is inappropriate or if the list itself is dead?
On Tue, Jul 15, 2008 at 1:39 AM, Sandeep Kumar sandeep.iiit@gmail.com wrote:
> Hi,
> I searched a lot on google, in the archives, and in the FAQ page, but could not find the differences between verify levels 2 and 3, other than the one line explanation given on the FAQ/man page.
> Specifically, I want to ask:
> 1. Is verify level 3 same as 2, but asks for client certificates as well? (Seems unlikely but still..)
> 2. Since verify level 2 also demands CApath/CAfile to be present, then it also is ultimately verifying against locally installed certs, which is supposed to be level 3's behaviour?
> Thanks & regards,
> Sandeep Kumar
> http://web.iiit.ac.in/~sandeep_kr
On Wed, 2008-07-16 11:31:02 +0530, Sandeep Kumar wrote:
> Sorry to send another mail. But I just want to ask if my mail is inappropriate or if the list itself is dead?
> On Tue, Jul 15, 2008 at 1:39 AM, Sandeep Kumar sandeep.iiit@gmail.com wrote:
> > Hi,
> > I searched a lot on google, in the archives, and in the FAQ page, but could not find the differences between verify levels 2 and 3, other than the one line explanation given on the FAQ/man page.
> > Specifically, I want to ask:
> > 1. Is verify level 3 same as 2, but asks for client certificates as well? (Seems unlikely but still..)
> > 2. Since verify level 2 also demands CApath/CAfile to be present, then it also is ultimately verifying against locally installed certs, which is supposed to be level 3's behaviour?
As far as I understood, stunnel running in verify level 2 mode checks for the presented certificates to be at least signed with one of the (root) certificates installed. Stunnel running in verify level 3 mode demands the presented certificate itself to be locally installed.
Ludolf
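
The distinction described in the reply above, as an added example that is not part of the original thread and is not stunnel's own code: it models the two levels with the openssl command line on a constructed throwaway CA. All names (Demo CA, alice, bob, mallory, the installed/ directory) are made up for the demo, and applying the chain check at level 3 as well is an assumption.

```shell
#!/bin/sh
# Constructed demo: a throwaway CA plus client certs in a temp dir.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

mkcert() {  # mkcert NAME: key and cert for CN=NAME, signed by the demo CA
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -days 1 -CA "$WORK/ca.pem" \
    -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/$1.pem" 2>/dev/null
}

setup() {
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo CA" -days 1 \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
  mkcert alice
  mkcert bob
  # mallory is self-signed, so no installed CA vouches for it
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=mallory" -days 1 \
    -keyout "$WORK/mallory.key" -out "$WORK/mallory.pem" 2>/dev/null
  mkdir "$WORK/installed"
  cp "$WORK/alice.pem" "$WORK/installed/"  # only alice is locally installed
}

# Level 2 as described in the reply: signed by an installed (root) cert.
level2() { openssl verify -CAfile "$WORK/ca.pem" "$1" >/dev/null 2>&1; }

# Level 3 as described: the presented cert itself is installed.
# Assumption: the chain check of level 2 still applies as well.
level3() {
  level2 "$1" || return 1
  fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256)
  for f in "$WORK"/installed/*.pem; do
    [ "$(openssl x509 -in "$f" -noout -fingerprint -sha256)" = "$fp" ] && return 0
  done
  return 1
}

setup
for who in alice bob mallory; do
  for lvl in level2 level3; do
    if "$lvl" "$WORK/$who.pem"; then r=accept; else r=reject; fi
    echo "$lvl $who: $r"
  done
done
```

bob is signed by the demo CA but not installed, so he passes the level 2 check and fails the level 3 check; mallory fails both.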