Pathfinder and Stunnel

What is it?

Our open-source Pathfinder library allows applications to easily perform RFC 3280-compliant path validation of X.509 certificates.

We've created a patch for the Stunnel Universal SSL Wrapper that allows it to use Pathfinder to validate certificates presented by the other party. Policy mapping, policy constraints, and name constraints are all handled transparently. This makes it even easier to add complete certificate validity checking to applications and servers, including ones that are not SSL-aware themselves.

Current Status:

Pathfinder and this patch for Stunnel are presently under active development.

Download:

Patch: downloads/stunnel-4.23-pathfinder-20080513.diff

Instructions:

  • Make sure you have the WvStreams 4.4 library installed.
  • Make sure you have Pathfinder 0.2.4 and libpathfinder-openssl installed and appropriately configured.
  • Make sure you have pkg-config installed, and that it knows about libpathfinder.
  • Apply the patch to a clean stunnel-4.23 build tree.
  • Run "autoconf".
  • When running "./configure", specify "--with-pathfinder".
  • Compile and install Stunnel.
  • Enable Pathfinder with the "pathfinder=yes" option in the Stunnel local configuration. A target policy OID can be specified with the "pf_policy" option, for example "pf_policy=1.2.3.4.5".
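
Once the patched Stunnel is installed, it is worth confirming that every service actually has Pathfinder validation switched on. The script below is an added example, not part of the patch or of the Pathfinder project. It assumes that "pathfinder" and "pf_policy" are per-service options and that values set before the first [section] act as defaults; the function names and the sample configuration are constructed for illustration.

```shell
# Added example: flag stunnel services that do not enable Pathfinder.
# Assumption: pathfinder/pf_policy are service-level options, and values
# set before the first [section] are defaults for every service.
check_pathfinder() {   # prints "<service> <status> <oid>", returns 1 on any finding
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    function report(   status) {
        if (svc == "") return
        status = "ok"
        if (pf != "yes") { status = "NO-PATHFINDER"; bad = 1 }
        else if (oid != "" && oid !~ /^[0-2](\.[0-9]+)+$/) { status = "BAD-OID"; bad = 1 }
        printf "%s %s %s\n", svc, status, (oid == "" ? "-" : oid)
    }
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }      # comments and blank lines
    /^[ \t]*\[.*\]/ {                          # a new [service] section starts
        report()
        svc = $0; sub(/^[ \t]*\[/, "", svc); sub(/\].*$/, "", svc)
        pf = dpf; oid = doid                   # inherit the defaults
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        val = trim(substr($0, eq + 1))
        if (key == "pathfinder") { if (svc == "") dpf = tolower(val); else pf = tolower(val) }
        if (key == "pf_policy")  { if (svc == "") doid = val; else oid = val }
    }
    END { if (svc == "") { svc = "(no-section)"; pf = dpf; oid = doid } report(); exit bad + 0 }
    ' "$1"
}
# Constructed sample configuration (not from the Stunnel or Pathfinder docs).
sample_conf() {
cat <<'EOF'
; constructed sample
[imaps]
accept = 993
pathfinder = yes
pf_policy = 1.2.3.4.5
[pop3s]
accept = 995
[smtps]
accept = 465
pathfinder = yes
pf_policy = 1.2.x
EOF
}
# Usage: sh this-script /path/to/stunnel.conf
if [ $# -gt 0 ]; then check_pathfinder "$1"; fi
```

On the constructed sample, only "imaps" passes: "pop3s" never enables Pathfinder and "smtps" carries a malformed policy OID.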

Need Help?

Let us know!