I'm trying to write a go program to connect to an stunnel server and verify the certificate but it fails because the go language requires that self-signed certs have keyCertSign set in the keyUsages. the default stunnel.cnf does not set this. According to the following message thread this is required by RFC 5280.
https://groups.google.com/forum/#!msg/golang-nuts/LfLHjVkeSj8/YyP-LSPEytEJ The solution to this is to add 'keyUsage = keyCertSign' to the stunnel.cnf.
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
