is there any working example of how to use verify_hostname in command line?
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Mar 4 04:20:22 UTC 2022
On Thu, Mar 03, 2022 at 08:05:34PM -0800, Edward Tsang via openssl-users wrote:

> Ok here is what I tried but still complaining about unknown options
> -verify_hostname
> openssl s_client -connect google.com -CAfile etc/auth/cacert.pem -verify_hostname google.com -verify_return_error

Perhaps you're using some other "openssl" that isn't from the
OpenSSL project, or an OpenSSL version that predates 1.0.2 which
introduced the "verify_hostname" option.

With the real OpenSSL 1.1.1 I get:

    $ openssl s_client -connect google.com:443 -CAfile /etc/ssl/cert.pem -verify_hostname google.com -verify_return_error -brief </dev/null; echo $?
    CONNECTION ESTABLISHED
    Protocol version: TLSv1.3
    Ciphersuite: TLS_AES_256_GCM_SHA384
    Peer certificate: CN = *.google.com
    Hash used: SHA256
    Signature type: ECDSA
    Verification: OK
    Verified peername: google.com
    Server Temp Key: X25519, 253 bits
    DONE
    0

What does "openssl version -a" report?

--
Viktor.
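
An added example (not part of the original post, and not OpenSSL's own code): a POSIX shell sketch of the two checks the reply points to, whether the installed binary is an OpenSSL-project build at 1.0.2 or later, and whether "s_client -brief" output shows that a hostname check succeeded rather than chain validation alone. The function names and the second sample are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are this sketch's own, not OpenSSL's.

# supports_verify_hostname "<first line of 'openssl version'>"
# Succeeds only for an OpenSSL-project build at 1.0.2 or later. Other tools
# named "openssl" are treated as unsupported (an assumption of this sketch).
supports_verify_hostname() {
    case "$1" in "OpenSSL "*) ;; *) return 1 ;; esac
    ver=${1#OpenSSL }; ver=${ver%% *}
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; rest=${rest#*.}
    patch=${rest%%[!0-9]*}                 # "1f" -> "1"
    [ "$major" -gt 1 ] && return 0
    [ "$major" -eq 1 ] || return 1
    [ "$minor" -gt 0 ] && return 0
    [ "${patch:-0}" -ge 2 ]
}

# verified_peername: reads "s_client -brief" output on stdin. Prints the
# certificate name that matched and succeeds only if the chain verified AND
# a hostname check ran. The printed name can be a wildcard entry.
verified_peername() {
    ok=0; peer=
    while IFS= read -r line; do
        case "$line" in
            "Verification: OK") ok=1 ;;
            "Verified peername: "*) peer=${line#"Verified peername: "} ;;
        esac
    done
    [ "$ok" -eq 1 ] && [ -n "$peer" ] && printf '%s\n' "$peer"
}

# Lines taken from the output shown in the reply above.
sample_brief() {
    cat <<'EOF'
CONNECTION ESTABLISHED
Protocol version: TLSv1.3
Peer certificate: CN = *.google.com
Verification: OK
Verified peername: google.com
DONE
EOF
}
# Constructed sample: the same session without a "Verified peername" line.
sample_chain_only() { sample_brief | grep -v '^Verified peername'; }

# Live use: openssl s_client ... -brief </dev/null 2>&1 | verified_peername
sample_brief | verified_peername    # prints: google.com
```

A session that reports only "Verification: OK" has a trusted chain but no confirmed hostname match, so the second function rejects it.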