[stunnel-users] Difference between verify=2, 3 and 4

Thomas Eifert kxkvi at wi.rr.com
Fri Sep 20 10:10:27 CEST 2013

On 9/16/2013 6:17 PM, Javier wrote:
> I didn't use level 4, but if I'm not wrong, it doesn't check for a 
> local certificate but just the top CA, without the full CAs chain (all 
> CAs part of the certificate). If no one corrects me, L4 is as I told. 
> But the best way is to test it.

Testing is the best way, for sure.  In theory, L4 checks for the peer 
certificate only.  Yet, I'm currently
using at least one peer certificate that requires the top CA to be 
present in the .pem file.  If I remove it,
L4 fails.  Go figure.

Best regards,


Attention: This message and all attachments are private and may contain information that is confidential and privileged. If you received this message in error, please notify the sender by reply email and delete the message immediately.

More information about the stunnel-users mailing list