[stunnel-users] Why does verify=3 require the entire cert chain to be present in cafile?
Ludolf Holzheid
lholzheid at bihl-wiedemann.de
Wed Nov 2 09:49:21 CET 2011
On Tue, 2011-11-01 23:11:45 -0400, al_9x at yahoo.com wrote:
> On 10/15/2011 6:37 AM, al_9x at yahoo.com wrote:
>> If the leaf (server) cert is declared trusted (added to the cafile),
>> there is no point in walking the trust chain.
>
> Michal Trojnara, can you comment please? Can you support a mode of
> validation that allows one to trust the server certificate, without
> having to add the whole chain?
al_9x,
I think the technical issue has been discussed already.
Could you please provide a rationale for insisting on not using
self-signed certificates /and/ for refusing to have the one or two
additional certificates installed?
Ludolf
--
---------------------------------------------------------------
Ludolf Holzheid Tel: +49 621 339960
Bihl+Wiedemann GmbH Fax: +49 621 3392239
Floßwörthstraße 41 e-mail: lholzheid at bihl-wiedemann.de
D-68199 Mannheim, Germany
---------------------------------------------------------------