[stunnel-users] is verify level 4 working?
Michal.Trojnara at mirt.net
Mon Jul 8 22:38:11 CEST 2013
Thank you for your feedback. I will re-test this feature.
On 2013-07-08 18:32, Thomas Eifert wrote:
> You're not missing anything. I've experienced a similar issue. While
> verify = 4 generally works well in most cases and will ignore the CA
> chain, I've encountered a few isolated incidences in which I've had to
> append or "chain" the server certificate with the certificate of the
> CA. Give it a shot and see if it resolves your issue.
> On 7/8/2013 3:02 AM, dansmith wrote:
>> I would expect that level 4 only compares locally installed
>> certificates, however I get the same behaviour as with level 3, stunnel
>> expects a CA cert.
>> Here'e the relevant log when on level 4
>> Jul 6 23:46:31 mmm stunnel: LOG7[7870:140491349628672]: Starting
>> certificate verification: depth=0,
>> Jul 6 23:46:31 mmm stunnel: LOG4[7870:140491349628672]: CERT:
>> Verification error: unable to get local issuer certificate
>> Jul 6 23:46:31 mmm stunnel: LOG4[7870:140491349628672]: Certificate
>> check failed: depth=0, /C=qq/ST=qq/O=qqq/OU=rer/CN=redf/emailAddress=rfd
>> Jul 6 23:46:31 mmm stunnel: LOG7[7872:140080853112576]: SSL alert
>> (read): fatal: unknown CA
>> What am I missing in understanding verify's level 4 ?
>> stunnel-users mailing list
>> stunnel-users at stunnel.org
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 196 bytes
Desc: OpenPGP digital signature
More information about the stunnel-users