[stunnel-users] Weird verify behaviour using intermediate CAs

Simon Vallet sjv at genoscope.cns.fr
Mon Oct 5 15:45:08 CEST 2009


On Mon, 05 Oct 2009 15:09:02 +0200
delaage.pierre at free.fr wrote:

> Good news,
> "Actually, it also works when using CApath".
> I suppose you mean it also works without (it should).

It does (see the first two points). Both do.

> Since you are not using verify=3, you do not need CApath and it seems that it
> can only lead to bugs in your setup. I even wonder what you could put in that
> directive that could make sense in your config.

I've grown into the habit of using CApath since some CRL-checking
daemons do not provide for a separate CRLfile/CRLpath parameter and use
the same directory for trusted CAs and corresponding CRLs. It's mostly
a convenience setup so I can reuse existing scripts et al.

Regards,
Simon


