is there any working example of how to use verify_hostname in command line?
Edward Tsang
etsang at splunk.com
Fri Mar 4 04:55:51 UTC 2022
the openssl I'm using is in mac
openssl version -a
LibreSSL 2.8.3
On Thu, Mar 3, 2022 at 8:05 PM Edward Tsang <etsang at splunk.com> wrote:
> Ok here is what I tried but still complaining about unknown options
> -verify_hostname
> openssl s_client -connect google.com -CAfile etc/auth/cacert.pem
> -verify_hostname google.com -verify_return_error
> unknown option -verify_hostname
> usage: s_client args
>
> On Thu, Mar 3, 2022 at 4:10 PM Viktor Dukhovni <openssl-users at dukhovni.org>
> wrote:
>
>> [ External sender. Exercise caution. ]
>>
>> > On 3 Mar 2022, at 6:09 pm, Edward Tsang via openssl-users <
>> openssl-users at openssl.org> wrote:
>> >
>> > openssl s_client -CApath . -CAfile ./cacert.pem -verify_hostname
>> example.com
>> >
>> > All I get is "unknown option -verify_hostname
>> > usage: s_client args"
>> >
>> > Have tried combinations of that and check out of doc... really not
>> helping.
>>
>> You need to specify a server to connect to via the "-connect" option. It
>> takes a hostname or IP address as a required argument, with an optional
>> ":port" suffix.
>>
>> -connect www.example.com:443
>> -connect 192.0.2.1:443
>> -connect [::1]:443
>> ...
>>
>> You may also want "-brief" and "-verify_return_error".
>>
>> --
>> Viktor.
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20220303/dd51d590/attachment-0001.htm>
More information about the openssl-users
mailing list