[stunnel-users] More Issues with Openssl 1.0.0

Michal Trojnara Michal.Trojnara at mirt.net
Wed Mar 31 21:15:31 CEST 2010


Carter Browne wrote:
> My standard configurations of stunnel use the verify=2 option.  With
> recent versions of stunnel and openssl-0.9.8 for Linux systems, I have
> capath = /capath and stunnel searches directory /capath relative to
> chroot for the certificates.  Using the same configuration file and
> openssl-1.0.0, this directory is no longer being searched.  Any ideas
> about how to specify the location of capath with openssl-1.0.0?

I quickly googled for the answer and found it here:
http://www.mail-archive.com/[email protected]/msg26634.html

"Note that hash algorithm used for subject hashing is changed in OpenSSL
1.0, so all certificate stores have to be rehashed upon transition from
0.9.8 to 1.0.0."

Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20100331/ccb95e4d/attachment.sig>


More information about the stunnel-users mailing list