[openssl-users] s_client/s_server trouble
Jakob Bohm
jb-openssl at wisemo.com
Thu May 19 15:58:11 UTC 2016
What kind (and size) of keys are in your certificates?
That sounds like the most likely issue.
On 19/05/2016 17:26, Jan Just Keijser wrote:
> Hi all,
>
> no one has seen this as well? I've seen other mails fly by on
> openssl-users after I posted this, yet no response to my query, nor to
> a previous mail I sent (about pkcs7). Should I file bug reports instead?
>
>
> Jan Just Keijser wrote:
>> hi all,
>>
>> I've just run into something weird with openssl 1.0.1 and
>> s_client+s_server:
>>
>> - I've downloaded and compiled a static version of openssl 1.0.1t on
>> Linux
>> - I've set up a PKI with a ca.crt file and a server.crt/server.key
>> keypair
>> - next , I run
>>
>> ~/src/openssl-1.0.1t/apps/openssl s_server -CAfile ca.crt -cert
>> server.crt -key server.key -dhparam dh2048.pem
>>
>> - then, with s_client
>>
>> ~/src/openssl-1.0.1t/apps/openssl s_client -CAfile ca.crt -connect
>> 127.0.0.1:4433
>>
>> and I always end up with
>>
>> Verify return code: 21 (unable to verify the first certificate)
>>
>> If I either change s_server *or* s_client to use openssl 0.9.8 then
>> the above commands work!
>>
>> What am I missing here?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
More information about the openssl-users
mailing list