[openssl-users] Why no peer certificate available.

Jerry OELoo oyljerry at gmail.com
Tue May 26 07:49:23 UTC 2015


After I set -tls1 -servername, I can get certificate chain information.
But in my code. I have used SSL_set_tlsext_host_name() to set host
name, but it can not get certificate chain.

On Tue, May 26, 2015 at 1:32 PM, Jeffrey Walton <noloader at gmail.com> wrote:
> On Mon, May 25, 2015 at 11:17 PM, Jerry OELoo <oyljerry at gmail.com> wrote:
>> Hi.
>> I found there is a website which has https support.
>> https://www.ib-channel.net/miegin/web/jsp/B02-01.jsp
>> and browser can show its certificate chain.
>> but when I use openssl to connect website, it returns fail.
>>
>> openssl s_client -connect www.ib-channel.net:443
>> CONNECTED(00000003)
>> write:errno=104
>> ---
>> no peer certificate available
>> ---
>> No client certificate CA names sent
>> ---
>> SSL handshake has read 0 bytes and written 305 bytes
>> ---
>> New, (NONE), Cipher is (NONE)
>> Secure Renegotiation IS NOT supported
>> Compression: NONE
>> Expansion: NONE
>> ---
>>
>> So what is wrong that openssl can not get website's certificate? Thanks!
>>
>
> I'm timing out from US/New York using Apple's downlevel version of
> OpenSSL (0.9.8). But I'm succeeding with the latest version of OpenSSL
> (1.0.2a). (It seems to be opposite of what Patrick is experiencing).
>
> Also, you usually want to specify TLS and the server name. SSLv3 is
> pretty much dead now. SNI also ensures the server selects the right
> certificate at during channel setup.
>
>     openssl s_client -connect www.ib-channel.net:443 \
>         -tls1 -servername www.ib-channel.net
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



-- 
Rejoice,I Desire!


More information about the openssl-users mailing list