Athir Nuaimi wrote:
I'm trying to write a Go program to connect to an stunnel server and
verify the certificate, but it fails because the Go language requires
that self-signed certs have keyCertSign set in the keyUsages.  The
default stunnel.cnf does not set this.  According to the following
message thread, this is required by RFC 5280.

https://groups.google.com/forum/#!msg/golang-nuts/LfLHjVkeSj8/YyP-LSPEytEJ

The solution to this is to add keyUsage = keyCertSign to the
stunnel.cnf.

Good point.  What would be the right options for self-signed SSL certs?

My guess is:

nsCertType       = server
basicConstraints = CA:TRUE,pathlen:0
keyUsage         = keyCertSign
extendedKeyUsage = serverAuth

Mike
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
