[stunnel-users] Difference between verify level 2 and 3

Ludolf Holzheid lholzheid at bihl-wiedemann.de
Wed Jul 16 08:29:17 CEST 2008


On Wed, 2008-07-16 11:31:02 +0530, Sandeep Kumar wrote:
> Sorry to send another mail. But I just want to ask if my mail is
> inappropriate or if the list itself is dead?
> 
> On Tue, Jul 15, 2008 at 1:39 AM, Sandeep Kumar <sandeep.iiit at gmail.com>
> wrote:
> 
> > Hi,
> >
> > I searched a lot on Google, in the archives, and in the FAQ page, but could
> > not find the differences between verify levels 2 and 3, other than the one
> > line explanation given on the FAQ/man page.
> >
> > Specifically, I want to ask:
> > 1. Is verify level 3 same as 2, but asks for client certificates as well?
> > (Seems unlikely but still..)
> > 2. Since verify level 2 also demands CApath/CAfile to be present, then it
> > also is ultimately verifying against locally installed certs, which is
> > supposed to be level 3's behaviour?

As far as I understood, stunnel running in verify level 2 mode checks
for the presented certificates to be at least signed with one of the
(root) certificates installed. Stunnel running in verify level 3 mode
demands the presented certificate itself to be locally installed.

Ludolf

-- 

---------------------------------------------------------------
Ludolf Holzheid             Tel:    +49 621 339960
Bihl+Wiedemann GmbH         Fax:    +49 621 3392239
Floßwörthstraße 41          e-mail: lholzheid at bihl-wiedemann.de
D-68199 Mannheim, Germany
---------------------------------------------------------------
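
Added example, not part of the original message or of the stunnel documentation: an stunnel.conf sketch placing the two levels discussed above side by side, on a server that requires client certificates. All paths, ports and section names are placeholders, and setting `verify`/`CAfile` per service assumes an stunnel version that treats them as service-level options.

```ini
; Constructed example; every path, port and service name is a placeholder.

; verify = 2: the peer must present a certificate, and it must chain to a
; CA certificate found in CAfile/CApath. ANY certificate issued by that CA
; is accepted, so the trust decision is delegated to the CA.
[app-ca-signed]
accept  = 8443
connect = 127.0.0.1:8080
cert    = /etc/stunnel/server.pem
key     = /etc/stunnel/server.key
verify  = 2
; ca.pem holds only the issuing (root) CA certificate(s).
CAfile  = /etc/stunnel/ca.pem

; verify = 3 ("verify peer with locally installed certificate"): the peer
; certificate itself must be present in CAfile/CApath. A certificate from
; the same CA that is not installed locally is rejected.
[app-pinned-peers]
accept  = 8444
connect = 127.0.0.1:8080
cert    = /etc/stunnel/server.pem
key     = /etc/stunnel/server.key
verify  = 3
; allowed-peers.pem holds the individual client certificates that may
; connect. For peers whose certificates are not self-signed, include the
; issuing CA certificate as well so the chain still validates.
CAfile  = /etc/stunnel/allowed-peers.pem
```

In practice the difference shows up when access has to be withdrawn: under level 3 a peer is removed by deleting its certificate from the local file, while under level 2 a certificate stays acceptable for as long as the CA's signature on it validates.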
