[stunnel-users] Certificate failure to verify with verify = 4 option

Thomas Eifert kxkvi at lavabit.com
Mon Jun 10 17:59:30 CEST 2013

Hi Ludolf:

I understand what you're saying. Nevertheless, I'm under the impression
that level 4's purpose was to ignore the CA chain entirely.  From the
Stunnel manual:

"level 4

     Ignore CA chain and only verify peer certificate."



On 6/10/2013 4:33 AM, Ludolf Holzheid wrote:
> On Sun, 2013-06-09 17:18:50 -0500, Thomas Eifert wrote:
>> [..]
>> CERT: Verification error: unable to get local issuer certificate
>> 2013.06.09 16:37:46 LOG4[608:2336]: Certificate check failed: depth=0
> I suppose it's what the error message says:
> Stunnel tries to verify the new certificate by following the
> certificate chain down to a trusted root certificate, and fails
> checking the issuer of a certificate involved.
> Maybe Startcom didn't only change the server certificate, but some
> intermediate certificates too.  If this is the case, you may have to
> download and store the intermediate certificates so stunnel able to
> find them.
> HTH,
> Ludolf

Attention: This message and all attachments are private and may contain 
information that is confidential and privileged. If you received this 
message in error, please notify the sender by reply email and delete the 
message immediately.

More information about the stunnel-users mailing list