[stunnel-users] Why does verify=3 require the entire cert chain to be present in cafile?
Michal.Trojnara at mirt.net
Thu Nov 3 10:41:54 CET 2011
al_9x at yahoo.com wrote:
> I am not suggesting you should abandon normal CA based validation,
> but that in addition to it, you could support an alternative
> validation model where the user can grant trust to the server cert,
> which renders any further validation unnecessary. Considering you
> support running without any validation whatsoever, doesn't make sense
> that you object to this alternative approach.
I've implemented this functionality as "verify=4".
Please test it and let us know if that's what you expected:
A similar idea was proposed for the OpenSSL protocol itself:
More information about the stunnel-users