[Bug 345918] Re: stunnel source option (-S) not working
Roman Fiedler
roman.fiedler at arcsmed.at
Fri Mar 20 14:34:14 UTC 2009
It seems that /usr/bin/stunnel is just a compatibility Perl script that
does not know about the -S option, probably because it cannot map it to
any option in stunnel4.
Since -S 0 can be used to suppress reading of any other certificate
files for validation of remote server/client certs, it would be
interesting to know how the CA-validation process has changed from
version 3 to 4.
If the new default is to read only certificates from the specified
file/path, then everything is ok.
If the new version does include default CA files, I'm not sure about the
consequences. Could it find the default CA list installed on some
machines, so that other clients that use e.g. a Thawte-signed key/cert can
connect, while I expected that only client certificates signed by my
company's root CA are accepted? What about the latest attacks on MD5-signed
root CAs?
--
stunnel source option (-S) not working
https://bugs.launchpad.net/bugs/345918