[openssl-users] s_client/s_server trouble

Jakob Bohm jb-openssl at wisemo.com
Thu May 19 15:58:11 UTC 2016


What kind (and size) of keys are in your certificates?

That sounds like the most likely issue.

On 19/05/2016 17:26, Jan Just Keijser wrote:
> Hi all,
>
> no one has seen this as well? I've seen other mails fly by on 
> openssl-users after I posted this, yet no response to my query, nor to 
> a previous mail I sent (about pkcs7). Should I file bug reports instead?
>
>
> Jan Just Keijser wrote:
>> hi all,
>>
>> I've just run into something weird with openssl 1.0.1 and 
>> s_client+s_server:
>>
>> - I've downloaded and compiled a static version of openssl 1.0.1t on 
>> Linux
>> - I've set up a PKI with a ca.crt file and a server.crt/server.key 
>> keypair
>> - next , I run
>>
>>   ~/src/openssl-1.0.1t/apps/openssl s_server -CAfile ca.crt -cert 
>> server.crt -key server.key  -dhparam dh2048.pem
>>
>> - then, with s_client
>>
>>   ~/src/openssl-1.0.1t/apps/openssl s_client -CAfile ca.crt -connect 
>> 127.0.0.1:4433
>>
>> and I always end up with
>>
>>   Verify return code: 21 (unable to verify the first certificate)
>>
>> If I either change s_server *or* s_client to use openssl 0.9.8 then 
>> the above commands work!
>>
>> What am I missing here? 

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



More information about the openssl-users mailing list