[stunnel-users] CN field of server cert

• Previous message (by thread): [stunnel-users] CN field of server cert
• Next message (by thread): [stunnel-users] CN field of server cert
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>> CAfile = ThawteServerCA.txt

In my example I'm not using "CApath" option.
Is there any difference between:
 - CAfile which contains ThawteServerCA and peer cert
 - CApatch with ddc328ff.0 (ThawteServerCA) and 313fe585.0 (smtp.gmail.com peer cert) files

Both ways work fine.

> No.  You should download the peer certificate and verify it with verify=3.

Instead of downloading can I obtain this peer cert this way?
$ openssl s_client -connect smtp.gmail.com:465

> It's much better to have verify=3 and the exact certificate used
> by the server as the CAfile parameter.

That's the solution. Thank You.

• Previous message (by thread): [stunnel-users] CN field of server cert
• Next message (by thread): [stunnel-users] CN field of server cert
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]