Trying to understand if my issue is related to SSL or GLOBUS, I've found on globus documentation some tests to validate host certificate setup
http://www.globus.org/toolkit/docs/4.0/security/cas/user-index.html#id2532610 Running the commands specified there everything works. I'm really confused. Any ideas? Andrea On Wed, Feb 25, 2009 at 4:23 PM, Andrea Turli <[email protected]> wrote: > Hi Tom, > > I've tried to run these three commands >> $ openssl s_client -connect localhost:443 -no_ssl2 >> $ openssl s_client -connect localhost:443 -tls1 >> $ openssl s_client -connect localhost:443 -ssl3 > > and I have the same problem. This command also > > openssl s_client -connect localhost:443 > > doesn't work > > This is the stacktrace I can see: > CONNECTED(00000003) > depth=0 /C=IT/O=INFN/OU=Host/L=ENGINEERING RDLAB/CN=grids16.eng.it > verify error:num=20:unable to get local issuer certificate > verify return:1 > depth=0 /C=IT/O=INFN/OU=Host/L=ENGINEERING RDLAB/CN=grids16.eng.it > verify error:num=27:certificate not trusted > verify return:1 > depth=0 /C=IT/O=INFN/OU=Host/L=ENGINEERING RDLAB/CN=grids16.eng.it > verify error:num=21:unable to verify the first certificate > verify return:1 > 20978:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad > certificate:s3_pkt.c:1046:SSL alert number 42 > 20978:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake > failure:s23_lib.c:226: > > So the problem seems related to SSL. Can anyone give me an hint? > > Thank you in advance, > Andrea > > > On Wed, Feb 25, 2009 at 3:32 PM, Tom Scavo <[email protected]> wrote: >> On Wed, Feb 25, 2009 at 7:50 AM, Andrea Turli <[email protected]> wrote: >>> I've checked the version installed in the server >>> $ rpm -qa | grep openssl >>> openssl-0.9.7a-33.24 >>> >>> Does also this version have known issues? >> >> No, the issue affects only OpenSSL 0.9.8j: >> >> https://mail.internet2.edu/wws/arc/shibboleth-dev/2009-02/msg00000.html >> >> Still, it wouldn't hurt to try the openssl commands suggested in the >> above thread (on the client): >> >> $ openssl s_client -connect localhost:443 -no_ssl2 >> $ openssl s_client -connect localhost:443 -tls1 >> $ openssl s_client -connect localhost:443 -ssl3 >> >> Tom >> >> >
