[stunnel-users] Why does verify=3 require the entire cert chain to be present in cafile?
Ludolf Holzheid
lholzheid at bihl-wiedemann.de
Wed Nov 2 11:39:07 CET 2011
On Wed, 2011-11-02 05:41:57 -0400, al_9x at yahoo.com wrote:
> The concept of trusted server certs (as opposed to trusted authority
> certs) is well established. Firefox cert manager, for example, has a
> servers tab where you can import and trust specific server certs (self
> signed and not)
And Firefox accepts such certificates even if they can't be validated
(and thus are to be considered invalid)? I would regard this as a bug
or at least as a design flaw...
BTW, Firefox comes with about 200 certificates installed, and 200 is
much larger than five, which seems to be a pain for you.
Ludolf
--
---------------------------------------------------------------
Ludolf Holzheid Tel: +49 621 339960
Bihl+Wiedemann GmbH Fax: +49 621 3392239
Floßwörthstraße 41 e-mail: lholzheid at bihl-wiedemann.de
D-68199 Mannheim, Germany
---------------------------------------------------------------
More information about the stunnel-users
mailing list