My standard configurations of stunnel use the verify=2 option. With recent versions of stunnel and openssl-0.9.8 for Linux systems, I have capath = /capath and stunnel searches directory /capath relative to chroot for the certificates. Using the same configuration file and openssl-1.0.0, this directory is no longer being searched. Any ideas about how to specify the location of capath with openssl-1.0.0?
Thanks,
Carter
Carter Browne wrote:
My standard configurations of stunnel use the verify=2 option. With recent versions of stunnel and openssl-0.9.8 for Linux systems, I have capath = /capath and stunnel searches directory /capath relative to chroot for the certificates. Using the same configuration file and openssl-1.0.0, this directory is no longer being searched. Any ideas about how to specify the location of capath with openssl-1.0.0?
I quickly googled for the answer and found it here: http://www.mail-archive.com/openssl-dev@openssl.org/msg26634.html
"Note that hash algorithm used for subject hashing is changed in OpenSSL 1.0, so all certificate stores have to be rehashed upon transition from 0.9.8 to 1.0.0."
Mike
-
Carter Browne -
Michal Trojnara