[stunnel-users] Why does verify=3 require the entire cert chain to be present in cafile?

Ludolf Holzheid lholzheid at bihl-wiedemann.de
Wed Nov 2 09:49:21 CET 2011


On Tue, 2011-11-01 23:11:45 -0400, al_9x at yahoo.com wrote:
> On 10/15/2011 6:37 AM, al_9x at yahoo.com wrote:
>> If the leaf (server) cert is declared trusted (added to the cafile),  
>> there is no point in walking the trust chain.
>
> Michal Trojnara, can you comment please?  Can you support a mode of  
> validation that allows one to trust the server certificate, without  
> having to add the whole chain?

al_9x,

I think the technical issue has been discussed already.

Could you please provide a rationale for insisting on not using
self-signed certificates /and/ for refusing to have the one or two
additional certificates installed?

Ludolf

-- 

---------------------------------------------------------------
Ludolf Holzheid             Tel:    +49 621 339960
Bihl+Wiedemann GmbH         Fax:    +49 621 3392239
Floßwörthstraße 41          e-mail: lholzheid at bihl-wiedemann.de
D-68199 Mannheim, Germany
---------------------------------------------------------------



