Hi Ender,

The AIA extension is indeed currently ignored by stunnel. This feature is on my TODO list. I hope to find time to implement it. I cannot just apply the patch, as it doesn't have a license. I also don't accept copyleft (e.g. GPL) patches.

The configuration you described seems to be correct.

Mike

On 2014-01-20 14:22, Ender Erel wrote:
> I am sorry, it seems I forgot the link to the e-mail I mentioned.
>
> https://www.stunnel.org/pipermail/stunnel-users/2008-July/002068.html
>
> Any ideas?
>
> Regards,
> Ender Erel
>
> *From:* stunnel-users [mailto:[email protected]] *On Behalf Of* Ender Erel
> *Sent:* Friday, January 17, 2014 3:31 PM
> *To:* [email protected]
> *Subject:* [stunnel-users] OCSP Responders in AIA extension
>
> Hi All,
>
> Does stunnel check the OCSP responders found in a certificate's AIA
> field? I am asking this because in the following e-mail from back in
> 2008, the sender mentions a patch that implements this functionality.
> The patch is included with the mail but I don't think it is included
> in the later versions of stunnel. Does this mean OCSP responders
> inside a received certificate are ignored?
>
> I also want to ask another thing. When using verify = 3 in client
> mode, which file is used to check the received certificate? Is it the
> CAfile?
>
> If so, would it work like this:
>
> - I manually opened a connection to a server outside stunnel,
>   downloaded the server's certificate, and closed the connection.
>
> - I saved this certificate to a file, and wrote the path of
>   this file in the stunnel configuration file (CAfile =
>   /mycerts/tmpcert.pem,verify=3).
>
> - I started stunnel and initiated a connection to the server.
>
> Would the connection be successful? Would it be the right way to use
> verify=3?
>
> Kind Regards,
> Ender Erel
>
> _______________________________________________
> stunnel-users mailing list
> [email protected]
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
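With the AIA extension ignored as described in the reply above, a responder has to be named in the configuration by hand. The following is an added example, not code from this thread or from stunnel: it reads the OCSP URL out of a saved peer certificate with `openssl x509 -ocsp_uri` and prints a client service section that combines `CAfile`, `verify = 3` and stunnel's `OCSP` option. The section name, ports, host names and the sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn a saved peer certificate into a pinned stunnel
# client section, copying the OCSP responder from the AIA extension.

# Print the OCSP responder URL(s) listed in the certificate's AIA field.
aia_ocsp_uri() {
    openssl x509 -in "$1" -noout -ocsp_uri
}

# $1 = saved peer certificate (PEM), $2 = local port, $3 = remote host:port
stunnel_pinned_service() {
    cert=$1
    accept=$2
    connect=$3
    # Refuse input that does not parse as a certificate.
    openssl x509 -in "$cert" -noout 2>/dev/null || {
        echo "not a PEM certificate: $cert" >&2
        return 1
    }
    uri=$(aia_ocsp_uri "$cert" | head -n 1)
    echo "[pinned-service]"            # hypothetical section name
    echo "client = yes"
    echo "accept = 127.0.0.1:$accept"
    echo "connect = $connect"
    echo "CAfile = $cert"
    echo "verify = 3"
    if [ -n "$uri" ]; then
        echo "OCSP = $uri"
    else
        echo "; no OCSP responder in AIA: revocation is not checked"
    fi
}

# Constructed sample input: a throwaway self-signed certificate carrying
# a made-up AIA OCSP URL (needs OpenSSL 1.1.1 or later for -addext).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=sample.invalid" \
        -addext "authorityInfoAccess=OCSP;URI:http://ocsp.sample.invalid/" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}
```

An OCSP request identifies the certificate by its issuer, so the `OCSP` line is only usable when the issuing CA certificate is also available to stunnel, not just the pinned peer certificate.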
