[stunnel-users] Why does verify=3 require the entire cert chain to be present in cafile?

al_9x at yahoo.com al_9x at yahoo.com
Mon Oct 24 07:21:45 CEST 2011


On 10/15/2011 6:37 AM, al_9x at yahoo.com wrote:
> If the leaf (server) cert is declared trusted (added to the cafile), 
> there is no point in walking the trust chain.
>

Please explain why it's necessary to add the whole chain to cafile.  Why 
is just the server cert insufficient?

Thanks.






More information about the stunnel-users mailing list