[stunnel-users] CN field of server cert

Michal Trojnara Michal.Trojnara at mobi-com.net
Mon May 16 09:00:36 CEST 2005


spambox at poczta.onet.pl wrote:
> Is there any difference between:
> - CAfile which contains ThawteServerCA and peer cert
> - CApath with ddc328ff.0 (ThawteServerCA) and 313fe585.0 (smtp.gmail.com 
> peer cert) files

There's no difference other than CAfile is a bit easier to set up while 
CApath allows adding certificates without restarting stunnel.

>> No.  You should download the peer certificate and verify it with 
>> verify=3.
> Instead of downloading can I obtain this peer cert this way?
> $ openssl s_client -connect smtp.gmail.com:465

Yes.  That's the recommended way to download a certificate from an SSL 
server.

Best regards,
    Mike 
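
The CApath layout discussed in this thread (files named by subject hash, such as ddc328ff.0) as an added example that is not part of the original post or of stunnel itself. The function names, the sample CN and the directory path are assumptions; a throwaway self-signed certificate stands in for the one saved from the s_client output.

```shell
#!/bin/sh
# Added example: install a peer certificate into a stunnel CApath directory.
# CApath files must be named <subject-hash>.<n>, like the ddc328ff.0 above.

# install_peer_cert PEM_FILE CAPATH_DIR -> prints the installed path
install_peer_cert() {
    pem=$1; dir=$2
    # Refuse anything that does not parse as an X.509 certificate.
    subj_hash=$(openssl x509 -in "$pem" -noout -hash) || return 1
    fp=$(openssl x509 -in "$pem" -noout -fingerprint -sha256) || return 1
    mkdir -p "$dir" || return 1
    n=0
    # Different certificates can share a subject hash; take the first free suffix.
    while [ -e "$dir/$subj_hash.$n" ]; do
        old=$(openssl x509 -in "$dir/$subj_hash.$n" -noout -fingerprint -sha256)
        if [ "$old" = "$fp" ]; then
            echo "$dir/$subj_hash.$n"   # same certificate already installed
            return 0
        fi
        n=$((n + 1))
    done
    # Store only the certificate block, dropping any surrounding s_client text.
    openssl x509 -in "$pem" -out "$dir/$subj_hash.$n" || return 1
    echo "$dir/$subj_hash.$n"
}

# Constructed sample input: a self-signed cert with a hypothetical CN.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=peer.example.test" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_sample_cert "$tmp/peer.pem" || return 1
    install_peer_cert "$tmp/peer.pem" "$tmp/certs"
}
demo

# Matching stunnel service options (directory path is a placeholder):
#   verify = 3
#   CApath = /path/to/certs
```

Check the fingerprint of a fetched certificate against a value obtained through a separate channel before installing it, since verify=3 trusts whatever is placed in the directory.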