[stunnel-users] Certificate failure to verify with verify = 4 option

724live 724live at gmail.com
Mon Jun 10 18:10:03 CEST 2013


can you remove my email from stunnel list?
Thank you.


On Mon, Jun 10, 2013 at 6:59 PM, Thomas Eifert <kxkvi at lavabit.com> wrote:

> Hi Ludolf:
>
> I understand what you're saying. Nevertheless, I'm under the impression
> that level 4's purpose was to ignore the CA chain entirely.  From the
> Stunnel manual:
>
> "level 4
>
>     Ignore CA chain and only verify peer certificate."
>
> Regards,
>
> Thomas
>
>
> On 6/10/2013 4:33 AM, Ludolf Holzheid wrote:
>
>> On Sun, 2013-06-09 17:18:50 -0500, Thomas Eifert wrote:
>>
>>>
>>> [..]
>>>
>>> CERT: Verification error: unable to get local issuer certificate
>>> 2013.06.09 16:37:46 LOG4[608:2336]: Certificate check failed: depth=0
>>>
>>
>> I suppose it's what the error message says:
>>
>> Stunnel tries to verify the new certificate by following the
>> certificate chain down to a trusted root certificate, and fails
>> checking the issuer of a certificate involved.
>>
>> Maybe Startcom didn't only change the server certificate, but some
>> intermediate certificates too.  If this is the case, you may have to
>> download and store the intermediate certificates so stunnel able to
>> find them.
>>
>> HTH,
>>
>> Ludolf
>>
>>
> --
> Attention: This message and all attachments are private and may contain
> information that is confidential and privileged. If you received this
> message in error, please notify the sender by reply email and delete the
> message immediately.
>
> ______________________________**_________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-**bin/mailman/listinfo/stunnel-**users<https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20130610/93bc0632/attachment.html>


More information about the stunnel-users mailing list