On 2013-09-20 05:27, Nikolaus Rath wrote:
>> IMHO most stunnel deployments *should* use "verify = 4".
> Thanks for explanations. So in which case would I ever use 3? Somehow I
> can't think of such a situation. If I already explicitly trust a
> specific certificate, why would I be interested in checking the CA
> chain?

Good point. The reason is historical: "verify = 4" was added just 2 years ago. As stunnel is 15 years old I decided to keep "verify = 3" for backward compatibility. Alternatively I could have replaced the existing functionality of "verify = 3", but most people expect modifications of the already defined functionality on software updates to be as small as possible.

Mike
