What kind (and size) of keys are in your certificates?
That sounds like the most likely issue.
On 19/05/2016 17:26, Jan Just Keijser wrote:
Hi all,
no one has seen this as well? I've seen other mails fly by on
openssl-users after I posted this, yet no response to my query, nor to
a previous mail I sent (about pkcs7). Should I file bug reports instead?
Jan Just Keijser wrote:
hi all,
I've just run into something weird with openssl 1.0.1 and
s_client+s_server:
- I've downloaded and compiled a static version of openssl 1.0.1t on
Linux
- I've set up a PKI with a ca.crt file and a server.crt/server.key
keypair
- next , I run
~/src/openssl-1.0.1t/apps/openssl s_server -CAfile ca.crt -cert
server.crt -key server.key -dhparam dh2048.pem
- then, with s_client
~/src/openssl-1.0.1t/apps/openssl s_client -CAfile ca.crt -connect
127.0.0.1:4433
and I always end up with
Verify return code: 21 (unable to verify the first certificate)
If I either change s_server *or* s_client to use openssl 0.9.8 then
the above commands work!
What am I missing here?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
