It seems that /usr/bin/stunnel is just a compatibility Perl script that
does not know about the -S option, probably because it cannot map it to
any option in stunnel4.

Since -S 0 can be used to suppress reading of any other certificate
files for validation of remote server/client certs, it would be
interesting to know how the CA-validation process has changed from
version 3 to 4.

If the new default is to read only certificates from the specified
file/path, then everything is ok.

If the new version does include default CA files, I'm not sure about the
consequences. Could it find the default CA list installed on some
machines, so that other clients that use e.g. a Thawte-signed key/cert
could connect while I expected that only client certificates signed by my
company's root CA are accepted? What about the latest attacks on MD5-signed
root CAs?

-- 
stunnel source option (-S) not working
https://bugs.launchpad.net/bugs/345918