Compilation issues
Jan Just Keijser
janjust at nikhef.nl
Wed Jun 30 08:42:32 UTC 2021
Hi,
On 29/06/21 18:31, david raingeard wrote:
> Ok, here it is. It compiled mostly ok (some fixes for solaris 2.6,
> like inttypes.h instead of stdint).
> The test suite fails (dubious error).
>
> *TLS 1.2 works* just fine (*openssl s_client -connect google.com:443
> -tls1_2 -trace*)
>
> but *TLS 1.3 fails* starting when the *ApplicationData* record is
> received.
>
I'd say this is a local build issue; I just unpacked 1.1.1g on my CentOS
7.9 box, did a
  ./config no-shared
  make
  make test
then
  ./apps/openssl s_client -CAfile /etc/pki/tls/cert.pem -connect google.com:443
and got this:
./apps/openssl s_client -CAfile /etc/pki/tls/cert.pem -connect google.com:443
CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = *.google.com
verify return:1
---
Certificate chain
0 s:CN = *.google.com
i:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
1 s:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
i:C = US, O = Google Trust Services LLC, CN = GTS Root R1
2 s:C = US, O = Google Trust Services LLC, CN = GTS Root R1
i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
subject=CN = *.google.com
issuer=C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 6449 bytes and written 392 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
So no errors, no warnings and it is using TLS 1.3 to connect.
Check your local environment and especially check that
  make test
does not give any errors.
HTH,
JJK