Olivier twist wrote:

I have a server certificate signed by GlobalSign. I don't want to use client certificate. But if I don't put the certification chain on the CAFILE of stunnel and don't set verify at 1, stunnel doesn't check the server certification chain and the server certificate appears broken on client side !!! ... cert = c:\certif\inTest.crt key = c:\certif\inTest.key ... CAfile = c:\certif\ca.pem

AFAIK the whole certificate chain from your server certificate up to the CA certificate should be in inTest.crt (simply concatenate the PEM files). The CAfile would be needed for client verification only.