You're not missing anything. I've experienced a similar issue. While
verify = 4 generally works well in most cases and will ignore the CA
chain, I've encountered a few isolated incidences in which I've had to
append or "chain" the server certificate with the certificate of the CA.
Give it a shot and see if it resolves your issue.
Thomas
On 7/8/2013 3:02 AM, dansmith wrote:
I would expect that level 4 only compares locally installed
certificates, however I get the same behaviour as with level 3, stunnel
expects a CA cert.
Here'e the relevant log when on level 4
Jul 6 23:46:31 mmm stunnel: LOG7[7870:140491349628672]: Starting
certificate verification: depth=0,
/C=qq/ST=qq/O=qqq/OU=rer/CN=redf/emailAddress=rfd
Jul 6 23:46:31 mmm stunnel: LOG4[7870:140491349628672]: CERT:
Verification error: unable to get local issuer certificate
Jul 6 23:46:31 mmm stunnel: LOG4[7870:140491349628672]: Certificate
check failed: depth=0, /C=qq/ST=qq/O=qqq/OU=rer/CN=redf/emailAddress=rfd
Jul 6 23:46:31 mmm stunnel: LOG7[7872:140080853112576]: SSL alert
(read): fatal: unknown CA
What am I missing in understanding verify's level 4 ?
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
--
Attention: This message and all attachments are private and may contain
information that is confidential and privileged. If you received this
message in error, please notify the sender by reply email and delete the
message immediately.
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
