[openssl-users] s_client/s_server trouble

Viktor Dukhovni openssl-users at dukhovni.org
Thu May 19 16:59:24 UTC 2016

On Thu, May 19, 2016 at 06:31:54PM +0200, Jakob Bohm wrote:

> >With 0.9.8 s_client or s_server will be able to use the default
> >CApath that is probably hashed with the 0.9.8-compatible hash
> >algorithm, allowing either or both to construct a more complete
> >chain,
> Indeed, I find it very confusing that specifying -CAfile
> or -CApath to the various "apps" doesn't override the
> default value of the other, causing various tests to trust
> additional certificates not intended to be trusted by that
> test.

Yes, this is why I suggested additional controls to disable
the built-in paths in 1.1.0, which are now available:


    s_client - SSL/TLS client program


    openssl s_client ...
    [-CApath directory] [-CAfile filename] [-no-CAfile] [-no-CApath]

So for "total" control:

	openssl s_client -CAfile cafile.pem -no-CApath ...
	openssl s_server -CAfile cafile.pem -no-CApath ...

There is perhaps an oversight in s_server, because the -no-CA{file,path}
options don't seem to apply to the secondary context for SNI, which
always gets the default paths:

        if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
            (!SSL_CTX_set_default_verify_paths(ctx2))) {

That's likely surprising, and probably should be fixed for the final


More information about the openssl-users mailing list