[stunnel-users] Weird verify behaviour using intermediate CAs
Simon Vallet
sjv at genoscope.cns.fr
Mon Oct 5 15:45:08 CEST 2009
On Mon, 05 Oct 2009 15:09:02 +0200
delaage.pierre at free.fr wrote:
> Good new,
> "Actually, it also works when using CApath".
> I suppose you mean it also works without (it should).
It does (see the first two points). Both do.
> Since you are not using verify=3, you do not need CApath and it seems that it
> can only lead to bugs in your setup.I even wonder what you could put in that
> directive that could make sense in your config.
I've grown into the habit of using CApath since some CRL-checking
daemons do not provide for a separate CRLfile/CRLpath parameter and use
the same directory for trusted CAs and corresponding CRLs. It's mostly
a convenience setup so I can reuse existing scripts et al.
Regards,
Simon
More information about the stunnel-users
mailing list