Re: Auto plugged off?
again, being an smtp relay
randy
---
there are a few technical differences:
- the verify level (see stunnel(8)) lets you choose whether to do (1)
opportunistic cert verification, (2) cert verification from a trust
anchor, or (3) cert verification that must match a locally installed
cert. the most useful of these is usually (2), which is the mode
that gnutls-cli does.
- gnutls-cli does the commonName check, not sure stunnel does.
- stunnel has a list of protocols (including pop3 and imap) for which
it knows how to do starttls negotiation, and lets you specify one of
these, after which it will automatically perform the negotiation.
gnutls-cli has a --starttls option but it doesn't do the negotiation
for you; instead, it opens a plain connection, waits quietly for you
to do the protocol-specific starttls negotiation yourself, then you
send gnutls-cli a signal (eof or sigalrm) to tell it that you now
want it to start speaking tls for you.
stunnel's starttls support is probably the deciding factor here. if
i were using imap with starttls instead of imaps, i'd want this.
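
The imap starttls negotiation the message refers to, followed by verification against a trust anchor with a name check, sketched in Python. This is an added example, not code from the original post or from stunnel or gnutls-cli; the function names, the `a1` tag and the canned server lines in `demo` are constructed for illustration.

```python
import socket
import ssl
import threading

def read_line(sock):
    # One byte at a time: nothing past CRLF may be buffered before TLS starts.
    buf = bytearray()
    while not buf.endswith(b"\r\n"):
        chunk = sock.recv(1)
        if not chunk:
            raise ConnectionError("peer closed during plaintext phase")
        buf += chunk
    return bytes(buf)

def imap_starttls(sock, tag=b"a1"):
    """Plaintext half of IMAP STARTTLS; True means the server is ready for TLS."""
    if not read_line(sock).startswith(b"* OK"):
        raise RuntimeError("unexpected greeting")
    sock.sendall(tag + b" STARTTLS\r\n")
    while True:
        line = read_line(sock)
        if line.startswith(tag + b" "):  # untagged "* ..." lines are skipped
            return line.startswith(tag + b" OK")

def verified_context(cafile=None):
    # Chain must verify against a trust anchor and the name must match the host.
    return ssl.create_default_context(cafile=cafile)

def connect_imap_starttls(host, port=143, cafile=None):
    raw = socket.create_connection((host, port), timeout=10)
    if not imap_starttls(raw):
        raw.close()
        raise RuntimeError("server refused STARTTLS; not continuing in plaintext")
    return verified_context(cafile).wrap_socket(raw, server_hostname=host)

def demo(reply):
    # Constructed server side: a greeting, then one canned reply to STARTTLS.
    client, server = socket.socketpair()
    def serve():
        server.sendall(b"* OK IMAP4rev1 ready\r\n")
        read_line(server)
        server.sendall(reply)
    t = threading.Thread(target=serve)
    t.start()
    with client, server:
        try:
            return imap_starttls(client)
        finally:
            t.join()
```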