[stunnel-users] Certificate failure to verify with verify = 4 option
kxkvi at lavabit.com
Mon Jun 10 00:06:46 CEST 2013
Stunnel 4.56 running under Win 7 SP1 x86.
Recently, the owners of a server I regularly connect to updated their
server certificate; the former had expired at the end of May.
As soon as that event occurred, I deleted the old certificate, then used
the "save peer certificate" function of Stunnel to get the updated one.
However, the new certificate fails to verify, even with the verify = 4
option in Stunnel. The error message is similar to what I used to get
when doing a verify = 3 with some certificates. The general error
output of Stunnel is:
CERT: Verification error: unable to get local issuer certificate
2013.06.09 16:37:46 LOG4[608:2336]: Certificate check failed: depth=0
When I open the new certificate with:
openssl x509 -text -in certname.pem
and view the certificate details, I'm not seeing anything obvious.
The certificate is within a valid date range, and contains the same
basic elements as other certs I've viewed. The certificate appears
to have been issued by Startcom LLC.
If I comment out the verify statement, I'm able to successfully
negotiate an SSL connection with the server.
I realize that this may be more of an openssl issue than an issue with
Stunnel. Nevertheless, I thought I'd start here and throw it out to
the floor for comments.
Anyone have any ideas or have run into this issue?
Attention: This message and all attachments are private and may contain
information that is confidential and privileged. If you received this
message in error, please notify the sender by reply email and delete the
More information about the stunnel-users