[stunnel-users] is verify level 4 working?
Michal Trojnara
Michal.Trojnara at mirt.net
Mon Jul 8 22:38:11 CEST 2013
Hi Guys,
Thank you for your feedback. I will re-test this feature.
Best regards,
Michal Trojnara
On 2013-07-08 18:32, Thomas Eifert wrote:
> You're not missing anything. I've experienced a similar issue. While
> verify = 4 generally works well in most cases and will ignore the CA
> chain, I've encountered a few isolated incidences in which I've had to
> append or "chain" the server certificate with the certificate of the
> CA. Give it a shot and see if it resolves your issue.
>
> Thomas
>
> On 7/8/2013 3:02 AM, dansmith wrote:
>> I would expect that level 4 only compares locally installed
>> certificates, however I get the same behaviour as with level 3, stunnel
>> expects a CA cert.
>> Here'e the relevant log when on level 4
>>
>> Jul 6 23:46:31 mmm stunnel: LOG7[7870:140491349628672]: Starting
>> certificate verification: depth=0,
>> /C=qq/ST=qq/O=qqq/OU=rer/CN=redf/emailAddress=rfd
>> Jul 6 23:46:31 mmm stunnel: LOG4[7870:140491349628672]: CERT:
>> Verification error: unable to get local issuer certificate
>> Jul 6 23:46:31 mmm stunnel: LOG4[7870:140491349628672]: Certificate
>> check failed: depth=0, /C=qq/ST=qq/O=qqq/OU=rer/CN=redf/emailAddress=rfd
>> Jul 6 23:46:31 mmm stunnel: LOG7[7872:140080853112576]: SSL alert
>> (read): fatal: unknown CA
>>
>> What am I missing in understanding verify's level 4 ?
>>
>>
>>
>>
>> _______________________________________________
>> stunnel-users mailing list
>> stunnel-users at stunnel.org
>> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20130708/68e4a22f/attachment.sig>
More information about the stunnel-users
mailing list