sTunnelVerifyPeer

BINTEC-STUNNEL-MIB · .0.12.1.2.1.11

Object

column r/w Enumeration

If VerifyPeer is set to 'none'(1) no SSL verification is done.
Setting VerifyPeer to 'normal'(2) a normal SSL verification is done
(certificates are checked). If it is set to 'high'(3) also the 
subjectname of the remote side's certificate will be checked and
SSL connection will be cancelled if it doesn't match 
to RemoteCertSubject. In case of VerifyPeer is set to 'very_high'
beside the RemoteCertSubject also the SerialNumber of the certificate
is checked to be equal or greater than RemoteCertSerialNo and
the DNS attribute (withing the subject alternative names) 
is checked to be equal against RemoteCertDns (if it is configured
else no check against this variable is done).
If VerifyPeer is set to 'accept-self-signed'(5)
a 'normal' verification is done but self signed certificates 
will be accepted, too.

Context

MIB: BINTEC-STUNNEL-MIB
OID: .0.12.1.2.1.11
Type: column
Access: readwrite
Status: current
Parent: sTunnelEntry
Table: sTunnelTable
Siblings: 27

Syntax

Enumeration

Values & Constraints

Enumerated Values

`1`	none
`2`	normal
`3`	high
`4`	very-high
`5`	accept-self-signed

Related Objects

Sibling Objects

Object	Type	Syntax	OID
sTunnelIndex The Index gives (should give) an unique ID for the STunnel.	column	Integer32	`.0.12.1.2.1.1`
sTunnelPrivateToken The PrivateToken is sent with the first packet as soon as the connection is established. It is used if the remote side wants to receive several connections on the same port and th…	column	OctetString	`.0.12.1.2.1.10`
sTunnelCertificateIdx The (row) index of the CertTable holding the wanted peer certificate for the connection.	column	Integer32	`.0.12.1.2.1.12`
sTunnelCACertificateIdx The (row) index of the CertTable holding the wanted/needed CA certificate for the connection.	column	Integer32	`.0.12.1.2.1.13`
sTunnelRemoteCertSubject when VerifyPeer set to 'high' the string in this field is compared with the subjectname of the remote peer certificate.	column	OctetString	`.0.12.1.2.1.14`
sTunnelRemoteCertSerialNo when VerifyPeer set to 'very_high' the string in this field is compared with the serial number of the remote peer certificate.	column	OctetString	`.0.12.1.2.1.15`
sTunnelRemoteCertDns when VerifyPeer set to 'very_high' the string in this field is compared with the DNS attribute within the subject alternative names of the remote peer certificate. But if this va…	column	OctetString	`.0.12.1.2.1.16`
sTunnelCertificateStatus The certificatestatus displays if and which error occured during the certificate validation. If no error occured it is ok(2). The four possible errors are the cert is untrusted(3)…	column	Enumeration	`.0.12.1.2.1.17`
sTunnelRetries The number of retries which were already done during the actual e.g. last connection.	column	Integer32	`.0.12.1.2.1.18`
sTunnelRetryTime The time in seconds which the system waits for a reconnection try if the last try failed.	column	Integer32	`.0.12.1.2.1.19`
sTunnelAdminStatus The AdminStatus of one entry declares whether this peer should be established (up) or not (down). In case of setting the AdminStatus to 'delete' the entry will be deleted.	column	Enumeration	`.0.12.1.2.1.2`
sTunnelMaxRetries The maximum number of retries till the system declares the connection to failed. In case of '-1' infinite retries will take place.	column	Integer32	`.0.12.1.2.1.20`
sTunnelReopenDelay The time till the connection will be reopened.	column	Integer32	`.0.12.1.2.1.21`
sTunnelShortHold The ShortHold is the number of seconds after which an inactive connection is closed. Is the ShortHold set to -1 it is never closed for the reason of inactivity.	column	Integer32	`.0.12.1.2.1.22`
sTunnelDebug enables(2) or disables(1) debug messages for this peer.	column	Enumeration	`.0.12.1.2.1.23`
sTunnelLastStatusChange This value shows the time since the last sTunnelStatus change.	column	SNMPv2-SMITimeTicks	`.0.12.1.2.1.24`
sTunnelRxBytes The amount of received (data) bytes from the external connection. Only the real data bytes (without any header or encryption/hash are counted).	column	SNMPv2-SMICounter32	`.0.12.1.2.1.25`
sTunnelTxBytes The amount of transmitted bytes towards the external connection. Only the real data bytes (without any header or encryption/hash are counted).	column	SNMPv2-SMICounter32	`.0.12.1.2.1.26`
sTunnelTCPConnections Counts the SSL-TCP-Connections of this tunnel.	column	Integer32	`.0.12.1.2.1.27`
sTunnelStatus The (operational) status of the connection. 'up'(1) means the connection is fully established. 'down'(2) means the connection is (finally) down. 'wait-for-retry'(3) means the sys…	column	Enumeration	`.0.12.1.2.1.28`
sTunnelDescription The description of the Stunnel. Is only for giving each tunnel a name but has no further meaning e.g. function.	column	OctetString	`.0.12.1.2.1.3`
sTunnelExternalIp This field holds the IP to or from which the SSL connection will be established. If it is set (not 0) in ExternalMode_server the remote IP (incoming connection) is checked again…	column	SNMPv2-SMIIpAddress	`.0.12.1.2.1.4`
sTunnelExternalPort The port of the external connection. In ExternalMode client it defines the port it is connected to and in ExternalMode server it defines the port it is listened on for incoming co…	column	Integer32	`.0.12.1.2.1.5`
sTunnelExternalMode The ExternalMode declares whether the system is server or client to the outside e.g. SSL connection.	column	Enumeration	`.0.12.1.2.1.6`
sTunnelInternalIp The InternalIp default value is 127.0.0.1 (localhost). That means that the internal stunnel endpoint is the system itself and connects to an internal service (telnet,snmp,syslog…	column	SNMPv2-SMIIpAddress	`.0.12.1.2.1.7`
sTunnelInternalPort The port on which will be connected internally in InternalMode client or on which will be listened on for an incoming connection.	column	Integer32	`.0.12.1.2.1.8`
sTunnelInternalMode The InternalMode declares whether the system is server or client to the inside connection (NON-SSL connection).	column	Enumeration	`.0.12.1.2.1.9`