Hi,
we have a special use case and hope to find a solution in stunnel.
In our use case clients use self-signed X.509 certificates to authenticate with our TLS-server. We don't have a CA but a database with usernames (DN) and fingerprints of the client-certificates.
Is it possible with stunnel not to validate the client certificates against a CA but hand over the Distinguished Name to an external application which returns the fingerprint to check the certificate against?
Rene Bartsch wrote:
> Is it possible with stunnel not to validate the client certificates against a CA but hand over the Distinguished Name to an external application which returns the fingerprint to check the certificate against?
This is not something supported by stunnel out of the box. It is certainly possible to add such a feature to stunnel.
Mike
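
The check asked about in this thread, sketched as an added example that is not part of either message and is not stunnel code: look up the enrolled fingerprint by the certificate's DN and compare it with the fingerprint of the certificate the client presented. It assumes SHA-256 fingerprints over the DER encoding, an exact-match DN string as the database key, and constructed sample data; all function and variable names are hypothetical.

```python
import hashlib
import hmac

# Constructed byte strings standing in for the DER encoding of two client
# certificates; a real server would take these bytes from the TLS handshake.
ALICE_DER = b"constructed stand-in for alice's DER certificate"
MALLORY_DER = b"constructed stand-in for a different DER certificate"


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER bytes, as lowercase hex without separators."""
    return hashlib.sha256(der).hexdigest()


def normalize(stored: str) -> str:
    """Accept 'AB:CD:...' or plain hex from the database; return lowercase hex."""
    cleaned = stored.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA-256 fingerprint")
    return cleaned


def colon_form(hex_fp: str) -> str:
    """Format plain hex in the colon-separated uppercase form."""
    return ":".join(hex_fp[i:i + 2] for i in range(0, len(hex_fp), 2)).upper()


# Constructed stand-in for the DN -> fingerprint database (hypothetical DNs).
FINGERPRINT_DB = {
    "CN=alice,O=Example": colon_form(fingerprint(ALICE_DER)),
    "CN=broken,O=Example": "not-a-fingerprint",
}


def client_allowed(db: dict, subject_dn: str, peer_der: bytes) -> bool:
    """Fail closed: unknown DN, malformed record, or mismatch all return False."""
    stored = db.get(subject_dn)
    if stored is None:
        return False
    try:
        expected = normalize(stored)
    except ValueError:
        return False
    # The DN in a self-signed certificate is chosen by the client, so it is
    # only the lookup key; the fingerprint match is what authenticates.
    return hmac.compare_digest(expected, fingerprint(peer_der))
```

The TLS handshake itself proves the client holds the private key for the presented certificate, so this check only has to decide whether that certificate is the enrolled one.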