[stunnel-users] is verify level 4 working?

Thomas Eifert kxkvi at lavabit.com
Mon Jul 8 18:32:37 CEST 2013

You're not missing anything.  I've experienced a similar issue.  While 
verify = 4 generally works well in most cases and will ignore the CA
chain, I've encountered a few isolated incidences in which I've had to 
append or "chain" the server certificate with the certificate of the CA. 
Give it a shot and see if it resolves your issue.


On 7/8/2013 3:02 AM, dansmith wrote:
> I would expect that level 4 only compares locally installed
> certificates, however I get the same behaviour as with level 3, stunnel
> expects a CA cert.
> Here'e the relevant log when on level 4
> Jul  6 23:46:31 mmm stunnel: LOG7[7870:140491349628672]: Starting
> certificate verification: depth=0,
> /C=qq/ST=qq/O=qqq/OU=rer/CN=redf/emailAddress=rfd
> Jul  6 23:46:31 mmm stunnel: LOG4[7870:140491349628672]: CERT:
> Verification error: unable to get local issuer certificate
> Jul  6 23:46:31 mmm stunnel: LOG4[7870:140491349628672]: Certificate
> check failed: depth=0, /C=qq/ST=qq/O=qqq/OU=rer/CN=redf/emailAddress=rfd
> Jul  6 23:46:31 mmm stunnel: LOG7[7872:140080853112576]: SSL alert
> (read): fatal: unknown CA
> What am I missing in understanding verify's level 4 ?
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

Attention: This message and all attachments are private and may contain 
information that is confidential and privileged. If you received this 
message in error, please notify the sender by reply email and delete the 
message immediately.

More information about the stunnel-users mailing list