Re: [stunnel-users] Why does verify=3 require the entire cert chain to be present in cafile?

On 10/15/2011 6:37 AM, [email protected] wrote:

If the leaf (server) cert is declared trusted (added to the cafile), there is no point in walking the trust chain.

Please explain why it's necessary to add the whole chain to cafile. Why is just the server cert insufficient? Thanks.