Jochen Bern <[email protected]> writes:
> On 20.09.2013 05:27, Nikolaus Rath wrote:
>> So in which case would I ever use 3? Somehow I
>> can't think of such a situation. If I already explicitly trust a
>> specific certificate, why would I be interested in checking the CA
>> chain?
>
> Imagine the CA (or one of the intermediate CAs) getting compromised and
> corresponding revocations becoming available to your machine (by OS
> updates, OCSP, whatever) before you hear of the incident.
FWIW, I still don't see why I'd use verify=3 in that case.
Best,
Nikolaus
--
Encrypted emails preferred.
PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6 02CF A9AD B7F8 AE4E 425C
»Time flies like an arrow, fruit flies like a Banana.«
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
