Hello,

> The problem with this is that from what I understand stunnel still
> needs a certificate on the server side, so we are back to having to
> create/purchase/manage possibly thousands of certificates, which is
> entirely impractical, unless running all servers with the same
> certificate is possible. Is it?

Yes, it is.

> (again I don't really care if a
> server really is the server it pretends to be, I only want to be
> sure that the client is the client it pretends to be).

So you may have one certificate for the servers (like you said - server
verification is not important) and certificates for every client.
And on the server you should enable client authentication (via SSL).
This is of course one possible solution.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
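
The setup described in the reply above, sketched as stunnel configuration. This is an added example, not part of the original message: the file paths, port numbers and service names are assumptions, and the client certificates are assumed to be issued by one private CA.

```ini
; ---- server side: stunnel.conf, identical on every server ----

; Shared server certificate and key, the same pair on all servers
; (assumed paths).
cert = /etc/stunnel/shared-server.pem
key = /etc/stunnel/shared-server.key

; CA that issued the per-client certificates (assumed path).
CAfile = /etc/stunnel/client-ca.pem

; verify = 2: the client must present a certificate, and it must
; chain to CAfile. Without a verify setting no client certificate
; is requested at all.
verify = 2

; Optional: reject client certificates that the CA has revoked
; (assumed path).
CRLfile = /etc/stunnel/client-ca.crl

[service]
; assumed ports: TLS listener in front of a local plaintext service
accept = 4433
connect = 127.0.0.1:8080

; ---- client side: stunnel.conf, one certificate per client ----
; client = yes
; cert = /etc/stunnel/client-0001.pem   ; this client's own certificate
; key = /etc/stunnel/client-0001.key
;
; [service]
; accept = 127.0.0.1:8080
; connect = server.example:4433         ; hypothetical server name
```

Because the same private key sits on every server, one compromised server exposes the key used by all of them, and `verify = 2` accepts any certificate the CA has signed, so the CA in `CAfile` should issue certificates only to these clients.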