[stunnel-users] Certificate failure to verify with verify = 4 option
724live
724live at gmail.com
Mon Jun 10 18:10:03 CEST 2013
can you remove my email from stunnel list?
Thank you.
On Mon, Jun 10, 2013 at 6:59 PM, Thomas Eifert <kxkvi at lavabit.com> wrote:
> Hi Ludolf:
>
> I understand what you're saying. Nevertheless, I'm under the impression
> that level 4's purpose was to ignore the CA chain entirely. From the
> Stunnel manual:
>
> "level 4
>
> Ignore CA chain and only verify peer certificate."
>
> Regards,
>
> Thomas
>
>
> On 6/10/2013 4:33 AM, Ludolf Holzheid wrote:
>
>> On Sun, 2013-06-09 17:18:50 -0500, Thomas Eifert wrote:
>>
>>>
>>> [..]
>>>
>>> CERT: Verification error: unable to get local issuer certificate
>>> 2013.06.09 16:37:46 LOG4[608:2336]: Certificate check failed: depth=0
>>>
>>
>> I suppose it's what the error message says:
>>
>> Stunnel tries to verify the new certificate by following the
>> certificate chain down to a trusted root certificate, and fails
>> checking the issuer of a certificate involved.
>>
>> Maybe Startcom didn't only change the server certificate, but some
>> intermediate certificates too. If this is the case, you may have to
>> download and store the intermediate certificates so stunnel able to
>> find them.
>>
>> HTH,
>>
>> Ludolf
>>
>>
> --
> Attention: This message and all attachments are private and may contain
> information that is confidential and privileged. If you received this
> message in error, please notify the sender by reply email and delete the
> message immediately.
>
> ______________________________**_________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-**bin/mailman/listinfo/stunnel-**users<https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20130610/93bc0632/attachment.html>
More information about the stunnel-users
mailing list