[stunnel-users] Stunnel and configuration

Bohdan Linda b.linda at volny.cz
Tue Feb 22 16:56:55 CET 2005

> I use the CApath = directory directive for my client certificates.  
> The client certificates are pointed to by hashed symlinks.  Also makes 
> it a lot easier to remove a client certificate if you want to revoke 
> access to your stunnel for that particular certificate.

In other words, is it safe to use together:

Does not one override other? Do you have your cacert.pem symlinked in 
your CApath? And lastly as CApath is within chroot, what is the impact 
if certificates stored in are "stolen" by successfull break-in?

> CRL file is *not* 'only certificates signed by my CA', it stands for: 
> do not let any certificates *revoked* by my CA in.
Thanks for the explanation.


More information about the stunnel-users mailing list