[stunnel-users] Why does verify=3 require the entire cert chain to be present in cafile?

al_9x at yahoo.com al_9x at yahoo.com
Wed Nov 2 04:11:45 CET 2011

On 10/15/2011 6:37 AM, al_9x at yahoo.com wrote:
> If the leaf (server) cert is declared trusted (added to the cafile), 
> there is no point in walking the trust chain.

Michal Trojnara, can you comment please?  Can you support a mode of 
validation that allows one to trust the server certificate, without 
having to add the whole chain?

More information about the stunnel-users mailing list