We have recently upgraded our product to 1.0.2k. We are getting this error on
a packet sent to us from our browser-based user interface. I really need some
suggestions as to how to debug this problem. I know it is in our code rather
than OpenSSL but I have no idea how to dig into what is
> On Apr 25, 2017, at 3:17 PM, Blumenthal, Uri - 0553 - MITLL
> wrote:
> Secure Sockets Layer
> SSL Record Layer: Handshake Protocol: Client Hello
> Content Type: Handshake (22)
> Version: TLS 1.2 (0x0303)
> Length: 228
> Handshake Protocol:
> extensions: 4 items
> Extension (ns_cert_exts.comment)
> Extension Id: 2.16.840.1.113730.1.13
(ns_cert_exts.comment)
> BER Error: String with tag=22 expected
but
> On Apr 25, 2017, at 4:41 PM, Blumenthal, Uri - 0553 - MITLL
> wrote:
>
>Client objects to the server chain. Either does not trust the MiTM root
> CA, or
>is unhappy about its encoding (assuming tshark is not generating an FP
> warning).
>
> Thank you! So it is
> Thank you! So it is the *client* that breaks the connection,
> and it is unhappy either about MiTM, or the encoding. I will
> check for both (though not much I can do about either).
Presumably you've added that cert to some trust store on the system in
question.
On 4/24/17, 7:26 PM, "openssl-users on behalf of Viktor Dukhovni"
wrote:
I get slightly annoyed when I take the time to help, but my response is
skimmed over and not read carefully. Upthread I said: