[stunnel-users] Why does verify=3 require the entire cert chain to be present in cafile?

al_9x at yahoo.com al_9x at yahoo.com
Mon Oct 24 07:21:45 CEST 2011

On 10/15/2011 6:37 AM, al_9x at yahoo.com wrote:
> If the leaf (server) cert is declared trusted (added to the cafile), 
> there is no point in walking the trust chain.

Please explain why it's necessary to add the whole chain to cafile.  Why 
is just the server cert insufficient?


More information about the stunnel-users mailing list