Hi All, Does stunnel check the OCSP responders found in a certificate's AIA field? I am asking this because in the following e-mail from back 2008, the sender mentions a patch that implements this functionality. The patch is included with the mail but I don't think it is included in the later versions of stunnel. Does this mean OCSP responders inside a certificate are ignored?
I also want to ask another thing. When using verify = 3 in client mode, which file is used to check the received certificate? Is it the CAfile? If so, would it work like this: - I manually opened a connection to a server outside stunnel, downloaded the server's certificate, and closed the connection. - I saved this certificate to a file, and wrote the path of this file in the stunnel configuration file (CAfile = /mycerts/tmpcert.pem,verify=3). - I started stunnel and initiated a connection to the server. Would the connection be successful? Would it be the right way to use verify=3? Kind Regards, Ender Erel
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
