[stunnel-users] Difference between verify=2, 3 and 4
Michal Trojnara
Michal.Trojnara at mirt.net
Fri Sep 20 07:28:37 CEST 2013
On 2013-09-20 05:27, Nikolaus Rath wrote:
>> IMHO most stunnel deployments *should* use "verify = 4".
> Thanks for explanations. So in which case would I ever use 3? Somehow I
> can't think of such a situation. If I already explicitly trust a
> specific certificate, why would I be interested in checking the CA
> chain?
Good point. The reason is historical: "verify = 4" was added just 2
years ago. As stunnel is 15 years old I decided to keep "verify = 3"
for backward compatibility. Alternatively I could have replaced the
existing functionality of "verify = 3", but most people expect
modifications of the already defined functionality on software updates
to be as small as possible.
Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20130920/ac1c27ef/attachment.sig>
More information about the stunnel-users
mailing list