[openssl-users] s_client/s_server trouble

Jan Just Keijser janjust at nikhef.nl
Thu May 19 15:26:57 UTC 2016


Hi all,

no one has seen this as well? I've seen other mails fly by on 
openssl-users after I posted this, yet no response to my query, nor to a 
previous mail I sent (about pkcs7). Should I file bug reports instead?

thx,

JJK / Jan Just Keijser

Jan Just Keijser wrote:
> hi all,
>
> I've just run into something weird with openssl 1.0.1 and 
> s_client+s_server:
>
> - I've downloaded and compiled a static version of openssl 1.0.1t on 
> Linux
> - I've set up a PKI with a ca.crt file and a server.crt/server.key 
> keypair
> - next , I run
>
>   ~/src/openssl-1.0.1t/apps/openssl s_server -CAfile ca.crt -cert 
> server.crt -key server.key  -dhparam dh2048.pem
>
> - then, with s_client
>
>   ~/src/openssl-1.0.1t/apps/openssl s_client -CAfile ca.crt -connect 
> 127.0.0.1:4433
>
> and I always end up with
>
>   Verify return code: 21 (unable to verify the first certificate)
>
> If I either change s_server *or* s_client to use openssl 0.9.8 then 
> the above commands work!
>
> What am I missing here?
>
>
> TIA,
>
> JJK / Jan Just Keijser
>



More information about the openssl-users mailing list