Hi Tom, I've tried to run these three commands > $ openssl s_client -connect localhost:443 -no_ssl2 > $ openssl s_client -connect localhost:443 -tls1 > $ openssl s_client -connect localhost:443 -ssl3
and I have the same problem. This command also openssl s_client -connect localhost:443 doesn't work This is the stacktrace I can see: CONNECTED(00000003) depth=0 /C=IT/O=INFN/OU=Host/L=ENGINEERING RDLAB/CN=grids16.eng.it verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /C=IT/O=INFN/OU=Host/L=ENGINEERING RDLAB/CN=grids16.eng.it verify error:num=27:certificate not trusted verify return:1 depth=0 /C=IT/O=INFN/OU=Host/L=ENGINEERING RDLAB/CN=grids16.eng.it verify error:num=21:unable to verify the first certificate verify return:1 20978:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1046:SSL alert number 42 20978:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226: So the problem seems related to SSL. Can anyone give me an hint? Thank you in advance, Andrea On Wed, Feb 25, 2009 at 3:32 PM, Tom Scavo <[email protected]> wrote: > On Wed, Feb 25, 2009 at 7:50 AM, Andrea Turli <[email protected]> wrote: >> I've checked the version installed in the server >> $ rpm -qa | grep openssl >> openssl-0.9.7a-33.24 >> >> Does also this version have known issues? > > No, the issue affects only OpenSSL 0.9.8j: > > https://mail.internet2.edu/wws/arc/shibboleth-dev/2009-02/msg00000.html > > Still, it wouldn't hurt to try the openssl commands suggested in the > above thread (on the client): > > $ openssl s_client -connect localhost:443 -no_ssl2 > $ openssl s_client -connect localhost:443 -tls1 > $ openssl s_client -connect localhost:443 -ssl3 > > Tom > >
