[stunnel-users] CN field of server cert
spambox at poczta.onet.pl
Sun May 15 02:02:04 CEST 2005
>> CAfile = ThawteServerCA.txt
In my example I'm not using the "CApath" option.
Is there any difference between:
- CAfile which contains ThawteServerCA and peer cert
- CApath with ddc328ff.0 (ThawteServerCA) and 313fe585.0 (smtp.gmail.com peer cert) files
Both ways work fine.
> No. You should download the peer certificate and verify it with verify=3.
Instead of downloading can I obtain this peer cert this way?
$ openssl s_client -connect smtp.gmail.com:465
> It's much better to have verify=3 and the exact certificate used
> by the server as the CAfile parameter.
That's the solution. Thank You.
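
Added example, not part of the original message: one way to turn the `openssl s_client` output asked about above into a pinned certificate file for the `verify = 3` setup recommended in the quoted reply. The function names, the `[smtps]` service name, the local port and the file paths are assumptions made for this sketch, and the sample input is constructed.

```sh
#!/bin/sh
# Added example (not from the thread): pin the server's own certificate.

# Print only the first PEM block on stdin: in `openssl s_client` output that
# is the server's own certificate. Exit non-zero if no complete block is found.
extract_peer_cert() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { if (!found) incert = 1 }
        incert { print }
        /-----END CERTIFICATE-----/ { if (incert) { incert = 0; found = 1 } }
        END { exit (found ? 0 : 1) }
    '
}

# Emit a client-mode stunnel config that trusts only the pinned file.
# $1 = PEM file, $2 = host:port. Service name and local port are assumptions.
write_stunnel_conf() {
    cat <<EOF
client = yes
verify = 3
CAfile = $1

[smtps]
accept = 127.0.0.1:2525
connect = $2
EOF
}

# Constructed stand-in for s_client output (placeholder bodies, not real certs).
sample_s_client_output() {
    cat <<'EOF'
CONNECTED(00000003)
Certificate chain
 0 s:/CN=leaf.example (constructed)
-----BEGIN CERTIFICATE-----
PLACEHOLDERLEAF
-----END CERTIFICATE-----
 1 s:/CN=ca.example (constructed)
-----BEGIN CERTIFICATE-----
PLACEHOLDERCA
-----END CERTIFICATE-----
EOF
}

# Live use (needs network and the openssl CLI):
#   openssl s_client -connect smtp.gmail.com:465 </dev/null 2>/dev/null | extract_peer_cert > peer.pem
#   openssl x509 -in peer.pem -noout -subject -fingerprint   # compare out of band
#   write_stunnel_conf "$PWD/peer.pem" smtp.gmail.com:465 > stunnel.conf
sample_s_client_output | extract_peer_cert
```

For the CApath variant, `openssl x509 -hash -noout -in peer.pem` prints the hash that names files such as `313fe585.0`. A certificate fetched over the same untrusted connection should have its fingerprint checked through a separate channel before it is pinned.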