[stunnel-users] Stunnel and configuration

Michal Trojnara Michal.Trojnara at mobi-com.net
Tue Feb 22 17:03:01 CET 2005


Bohdan Linda wrote:

> In other words, is it safe to use together:
> CAfile=/path/to/my/cacert.pem
> CApath=/path/to/only/clientcerts

Yes.

> Does not one override other?

No.

> Do you have your cacert.pem symlinked in 
> your CApath?

No.

> And lastly as CApath is within chroot, what is the impact 
> if certificates stored in are "stolen" by successfull break-in?

Certificates are public, so there's no additional impact.
What you need to protect is your private key.

Best regards,
    Mike



More information about the stunnel-users mailing list