Hi,

we use c_rehash to upgrade client certificates and we have multiple certificates with the same hash (e.g. same subject but different start-/end validity) like:

ee98f073.0 ee98f073.1 ee98f073.2

The man-page description for the CApath option seems to be correct what stunnel will do:

Note that the certificates in this directory should be named XXXXXXXX.0 where XXXXXXXX is the hash value of the DER encoded subject of the cert.

It seems only certificates with the ending .0 is used by stunnel and the others certificate hashes with higher numbers are never used/read. Can you confirm?

Any idea how to use all certificates with stunnel?

BTW. we tested with version 4.56 and latest 5.5

Regards, Marco