[stunnel-users] Validation of certificate

Edouard Dessioux edessioux at tibco.fr
Wed Feb 13 09:45:02 CET 2008

Thanks for your quick answer.
Just to be clear, this means that all my user certificates should be (or at least accessible) on the stunnel server. That may not be what we want.

For the sponsoring, you must know that Tibco.fr is not the same as Tibco.com, the software company. But I'll whisper the idea to my boss and see what it become. Does this means that the way I intended to do it made a sense for you ?

 Directeur de Projets
Tibco Mobile
 3, rue Danton – 92240 Malakoff
 Tél : +33 (0)1 55 58 04 59 - Fax : +33 (0)1 55 58 03 89 – Mob. +33 (0)6 34 02 61 54
 E-mail : edessioux at tibco.fr – www.tibcomobile.fr 
Faites un geste pour la planète, n'imprimez ce message que si nécessaire.
-----Message d'origine-----
De : Michał Trojnara [mailto:Michal.Trojnara at mirt.net] 
Envoyé : mercredi 13 février 2008 09:24
À : stunnel-users at mirt.net
Cc : Edouard Dessioux; Bruno Deprez
Objet : Re: [stunnel-users] Validation of certificate

Edouard Dessioux wrote:
> What I would like to do is : I have a PKI already deployed with many
> certificates, and I want only a small subset of them to be validated by
> the stunnel.

The elegant solution for this problem is to collect all the certificates
you want to grant access (CAfile or CApath) and then authenticate those
certificates only (with "verify=3").

> I thought of using multiples OU fields to « tags » some users, but can
> this fields be checked by stunnel ?

Currently - no, but Tibco could sponsor such feature.

Best regards,

More information about the stunnel-users mailing list