[stunnel-users] Why does verify=3 require the entire cert chain to be present in cafile?

al_9x at yahoo.com al_9x at yahoo.com
Mon Oct 24 07:21:45 CEST 2011

Previous message (by thread): [stunnel-users] Why does verify=3 require the entire cert chain to be present in cafile?
Next message (by thread): [stunnel-users] Why does verify=3 require the entire cert chain to be present in cafile?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/15/2011 6:37 AM, al_9x at yahoo.com wrote:
> If the leaf (server) cert is declared trusted (added to the cafile), 
> there is no point in walking the trust chain.
>

Please explain why it's necessary to add the whole chain to cafile.  Why 
is just the server cert insufficient?

Thanks.

Previous message (by thread): [stunnel-users] Why does verify=3 require the entire cert chain to be present in cafile?
Next message (by thread): [stunnel-users] Why does verify=3 require the entire cert chain to be present in cafile?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stunnel-users mailing list