[stunnel-users] Difference between verify=2, 3 and 4
Nikolaus Rath
Nikolaus at rath.org
Fri Sep 20 18:25:24 CEST 2013

Jochen Bern <Jochen.Bern at LINworks.de> writes:
> On 20.09.2013 05:27, Nikolaus Rath wrote:
>> So in which case would I ever use 3? Somehow I
>> can't think of such a situation. If I already explicitly trust a
>> specific certificate, why would I be interested in checking the CA
>> chain?
>
> Imagine the CA (or one of the intermediate CAs) getting compromised and
> corresponding revocations becoming available to your machine (by OS
> updates, OCSP, whatever) before you hear of the incident.

FWIW, I still don't see why I'd use verify=3 in that case.

Best,
Nikolaus
--
Encrypted emails preferred.
PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6 02CF A9AD B7F8 AE4E 425C
»Time flies like an arrow, fruit flies like a Banana.«