Hi Guys, Thank you for your feedback. I will re-test this feature.
Best regards,
Michal Trojnara
On 2013-07-08 18:32, Thomas Eifert wrote:
> You're not missing anything. I've experienced a similar issue. While
> verify = 4 generally works well in most cases and will ignore the CA
> chain, I've encountered a few isolated incidences in which I've had to
> append or "chain" the server certificate with the certificate of the
> CA. Give it a shot and see if it resolves your issue.
>
> Thomas
>
> On 7/8/2013 3:02 AM, dansmith wrote:
>> I would expect that level 4 only compares locally installed
>> certificates, however I get the same behaviour as with level 3, stunnel
>> expects a CA cert.
>> Here'e the relevant log when on level 4
>>
>> Jul 6 23:46:31 mmm stunnel: LOG7[7870:140491349628672]: Starting
>> certificate verification: depth=0,
>> /C=qq/ST=qq/O=qqq/OU=rer/CN=redf/emailAddress=rfd
>> Jul 6 23:46:31 mmm stunnel: LOG4[7870:140491349628672]: CERT:
>> Verification error: unable to get local issuer certificate
>> Jul 6 23:46:31 mmm stunnel: LOG4[7870:140491349628672]: Certificate
>> check failed: depth=0, /C=qq/ST=qq/O=qqq/OU=rer/CN=redf/emailAddress=rfd
>> Jul 6 23:46:31 mmm stunnel: LOG7[7872:140080853112576]: SSL alert
>> (read): fatal: unknown CA
>>
>> What am I missing in understanding verify's level 4 ?
>>
>>
>>
>>
>> _______________________________________________
>> stunnel-users mailing list
>> [email protected]
>> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>>
>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
