[stunnel-users] stunnel and verify
Brian Hirt
bhirt at mobygames.com
Sat Jan 22 00:40:37 CET 2005
Hi, I've recently set up stunnel for a remote vnc connection, and it's
working great. However, I would like to restrict access based on cert
(only allow access to a single public key), because nobody else should be
accessing it besides my one machine.
It seems what I want is to set verify = 3, but I'm using self-signed
certs on my client, so verify = 3 fails.
Is there some way to verify the client public key without doing the
self signed test too?
I'm sorry if this is a FAQ -- I searched the lists and read the FAQ
and couldn't find anything.
Thanks!
(I'm running stunnel 4.04 on fedora1, and stunnel 4.04 on mac 10.3.7,
installed via fink)
My stunnel.conf is pretty simple.
Client conf is (sans connection info):
client = yes
cert = /sw/etc/stunnel/stunnel.pem
chroot = /var/run/stunnel/
pid = /stunnel.pid
setuid = stunnel
setgid = stunnel
Server conf is:
client = no
cert = /etc/stunnel/stunnel.pem
CApath = /etc/stunnel/clientdb
chroot = /var/run/stunnel/
verify=3
pid = /stunnel.pid
setuid = stunnel
setgid = stunnel
--------------------------------------------
MobyGames
http://www.mobygames.com
The world's largest and most comprehensive
gaming database project