[stunnel-users] Certificate failure to verify with verify = 4 option
724live at gmail.com
Mon Jun 10 18:10:03 CEST 2013
can you remove my email from stunnel list?
On Mon, Jun 10, 2013 at 6:59 PM, Thomas Eifert <kxkvi at lavabit.com> wrote:
> Hi Ludolf:
> I understand what you're saying. Nevertheless, I'm under the impression
> that level 4's purpose was to ignore the CA chain entirely. From the
> Stunnel manual:
> "level 4
> Ignore CA chain and only verify peer certificate."
> On 6/10/2013 4:33 AM, Ludolf Holzheid wrote:
>> On Sun, 2013-06-09 17:18:50 -0500, Thomas Eifert wrote:
>>> CERT: Verification error: unable to get local issuer certificate
>>> 2013.06.09 16:37:46 LOG4[608:2336]: Certificate check failed: depth=0
>> I suppose it's what the error message says:
>> Stunnel tries to verify the new certificate by following the
>> certificate chain down to a trusted root certificate, and fails
>> checking the issuer of a certificate involved.
>> Maybe Startcom didn't only change the server certificate, but some
>> intermediate certificates too. If this is the case, you may have to
>> download and store the intermediate certificates so stunnel able to
>> find them.
> Attention: This message and all attachments are private and may contain
> information that is confidential and privileged. If you received this
> message in error, please notify the sender by reply email and delete the
> message immediately.
> stunnel-users mailing list
> stunnel-users at stunnel.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the stunnel-users