Hello Mike,

#1. I added a crlpath in my stunnel.conf and it was picked up on the next start of stunnel, as I can see from this log output:

2006.11.21 17:49:46 LOG7[18581:3086255808]: Certificate: /etc/stunnel/stunnel.pem
2006.11.21 17:49:46 LOG7[18581:3086255808]: Key file: /etc/stunnel/stunnel.pem
2006.11.21 17:49:46 LOG7[18581:3086255808]: Verify directory set to /etc/stunnel/certificates
2006.11.21 17:49:46 LOG7[18581:3086255808]: CRL directory set to /etc/stunnel/certificates-revoke

#2. I did not have any certs in my CApath or CRLpath.

#3. When I tried to connect from a remote machine, it was denied because it was a self-signed cert, as it should be.

#4. So then I copied the correctly named *.0 cert file to my CApath and tried connecting again from a remote box.
This time it connected just fine, as it should.

#5. Then I moved the cert from the CApath to the CRLpath.
When I tried to connect from the remote sensor, it was still able to connect, and it remained able to connect until I restarted stunnel on the local server.

#6. After restarting stunnel on the local server I was not able to connect from the remote client, but I was given the same error as I was on step #3; it's not as if the cert was rejected, it just said "bad certificate, self signed cert".

On 11/15/06, Michal Trojnara <Michal.Trojnara@mobi-com.net> wrote:
On Wednesday 15 November 2006 06:19, Rami Michael wrote:
> Thanks for the help guys... but it's still acting a little weird
[cut]
> However, I tried removing the cert from the CApath directory on the sensor
> side and it seems as though stunnel caches that cert it had read in until
> it's restarted.

Stunnel is acting perfectly fine.

Deleting certificates is just not the correct way to revoke them.

http://stunnel.mirt.net/pipermail/stunnel-users/2004-October/000101.html
http://stunnel.mirt.net/pipermail/stunnel-users/2005-January/000290.html

Best regards,
    Mike
