Hello again,
More precisely : that option should be set on the machine that has
generated the certificate : probably not your "client" one...
but a kind of CA server somewhere...
Not related at all to stunnel.
You should subscribe to openssl mailing lists here :
http://www.openssl.org/support/community.html
Best
Pierre Delaage
Le 11/03/2014 05:31, Athir Nuaimi a écrit :
I'm trying to write a go program to connect to an stunnel server and
verify the certificate but it fails because the go language requires
that self-signed certs have keyCertSign set in the keyUsages. the
default stunnel.cnf does not set this. According to the following
message thread this is required by RFC 5280.
https://groups.google.com/forum/#!msg/golang-nuts/LfLHjVkeSj8/YyP-LSPEytEJ
<https://groups.google.com/forum/#%21msg/golang-nuts/LfLHjVkeSj8/YyP-LSPEytEJ>
The solution to this is to add 'keyUsage = keyCertSign' to the
stunnel.cnf.
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
