resumption problem

Jeremy Harris jgh at wizmail.org
Mon Mar 23 23:46:43 UTC 2020


OpenSSL 1.1.1 on CentOS 8
Ticket-based resumption


I'm getting a repeatable error from a client call to SSL_connect()
of "14228044:SSL routines:construct_ca_names:internal error".

Packet capture shows an Alert being sent by the client before
anything is received from the server.

The error only occurs when the client is trying to resume
a previous session, and (here's the odd part) only when
the client is set up to offer a client certificate.

[I can change the client config to stop it offering this
client-cert, and the resumption works just fine]


I *think* possibly also the precise nature of that client cert
matters; a test case I set up away from my production
system failed to induce the error.  The client cert
is loaded using SSL_CTX_use_certificate_chain_file();
the file contains a private key and a 3-element chain
with a Let's Encrypt cert (leaf, signer, CA-root).
The CA is sha1/rsa, the other two are sha256/rsa.


The preceding TLS session is logged as using
"TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256"



Any ideas?
-- 
Thanks,
  Jeremy

