[stunnel-users] stunnel.cnf should set keyUsage = keyCertSign

Athir Nuaimi athir at nuaimi.com
Tue Mar 11 05:31:01 CET 2014


I'm trying to write a go program to connect to an stunnel server and verify
the certificate but it fails because the go language requires that
self-signed certs have keyCertSign set in the keyUsages.  the default
stunnel.cnf does not set this.  According to the following message thread
this is required by RFC 5280.

https://groups.google.com/forum/#!msg/golang-nuts/LfLHjVkeSj8/YyP-LSPEytEJ

The solution to this is to add 'keyUsage = keyCertSign' to the stunnel.cnf.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20140311/9ea277d9/attachment.html>


More information about the stunnel-users mailing list