[stunnel-users] Difference between verify=2, 3 and 4
kxkvi at wi.rr.com
Fri Sep 20 10:10:27 CEST 2013
On 9/16/2013 6:17 PM, Javier wrote:
> I didn't use level 4, but if I'm not wrong, it doesn't check for a
> local certificate but just the top CA, without the full CAs chain (all
> CAs part of the certificate). If no one corrects me, L4 is as I told.
> But the best way is to test it.
Testing is the best way, for sure. In theory, L4 checks for the peer
certificate only. Yet, I'm currently
using at least one peer certificate that requires the top CA to be
present in the .pem file. If I remove it,
L4 fails. Go figure.
Attention: This message and all attachments are private and may contain information that is confidential and privileged. If you received this message in error, please notify the sender by reply email and delete the message immediately.
More information about the stunnel-users