Take a look at how stunnel does it. I'm currently using verify = 2. Not worried about man-in-the-middle attacks.
https://www.stunnel.org/howto.html#authentication
How does stunnel check certificates?
Stunnel has 3 methods for checking certificates, which are controlled by the verify option:
Do not Verify Certificates
If no `verify` argument is given, then stunnel will ignore any certificates offered and will allow all connections.
verify = 1
Verify the certificate, if present.
* If no certificate is presented by the remote end, accept the connection.
* If a certificate is presented, then
  * If the certificate is valid, it will log which certificate is being used, and continue the connection.
  * If the certificate is invalid, it will drop the connection.
verify = 2
Require and verify certificates.
Stunnel will require and verify certificates for every SSL connection. If no certificate or an invalid certificate is presented, then it will drop the connection.
verify = 3
Require and verify certificates against locally installed certificates.
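
The difference between omitting `verify` and setting `verify = 2`, shown as an added stunnel.conf example that is not part of the original post. The service names, addresses, ports and the CAfile path are assumptions chosen for illustration.

```ini
; Constructed stunnel.conf fragment (client mode). Service names, hosts,
; ports and file paths are placeholders, not values from the post.

; Weak: no verify option, so any certificate the peer offers is ignored
; and every connection is allowed.
[mail-unverified]
client = yes
accept = 127.0.0.1:1143
connect = mail.example.com:993

; Hardened: verify = 2 requires a certificate and drops the connection
; when none is presented or the one presented is invalid.
[mail-verified]
client = yes
accept = 127.0.0.1:2143
connect = mail.example.com:993
verify = 2
; CA certificate(s) the peer's certificate is validated against.
; Keep this file limited to the CA(s) you trust for this peer.
CAfile = /etc/stunnel/ca.pem
```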