stunnel verify level for both self-signed and third partycertificates

Hi all,
I am using stunnel to send messages from my client application to a
server. Local testing requires that I use a self-signed certificate,
while the deployed product will use a thrid-party certificate
authority. I have 2 related questions on how to set this up. To make
the generation of the stunnel config file simple, I would like to use
one verify level for both testing and deployment. I think that level 2
is what I need. I used openssl to create a self-signed certificate for
the client, and another for the server. When I have verfiy=2 for
stunnel, verification fails. What do I need for stunnel to
successfully verify the server?

Thanks,

Scott

On 4 Feb, 18:57, cudr...@cig.mot.com wrote:
> Hi all,
> I am using stunnel to send messages from my client application to a
> server. Local testing requires that I use a self-signed certificate,
> while the deployed product will use a thrid-party certificate
> authority. I have 2 related questions on how to set this up. To make
> the generation of the stunnel config file simple, I would like to use
> one verify level for both testing and deployment. I think that level 2
> is what I need. I used openssl to create a self-signed certificate for
> the client, and another for the server. When I have verfiy=2 for
> stunnel, verification fails. What do I need for stunnel to
> successfully verify the server?
>
> Thanks,
>
> Scott

The public certificate of the signing authority needs to be available
to stunnel in the directory referenced by CApath in the serverside
config file.

C.