[stunnel-users] stunnel and verify

Brian Hirt bhirt at mobygames.com
Sat Jan 22 00:40:37 CET 2005


Hi, I've recently set up stunnel for a remote VNC connection, and it's
working great. However, I would like to restrict access based on cert
(only allow access to a single public key), because nobody else should be
accessing it besides my one machine.

It seems what I want is to set verify = 3, but I'm using self-signed
certs on my client, so verify = 3 fails.

Is there some way to verify the client public key without doing the
self-signed test too?

I'm sorry if this is a FAQ -- I searched the lists and read the FAQ
and couldn't find anything.

Thanks!

(I'm running stunnel 4.04 on fedora1, and stunnel 4.04 on mac 10.3.7, 
installed via fink)

My stunnel.conf is pretty simple.

Client conf is (sans connection info):
client = yes
cert = /sw/etc/stunnel/stunnel.pem
chroot = /var/run/stunnel/
pid = /stunnel.pid
setuid = stunnel
setgid = stunnel


Server conf is:
client = no
cert = /etc/stunnel/stunnel.pem
CApath = /etc/stunnel/clientdb
chroot = /var/run/stunnel/
verify=3
pid = /stunnel.pid
setuid = stunnel
setgid = stunnel

--------------------------------------------
MobyGames
http://www.mobygames.com
The world's largest and most comprehensive 
gaming database project


