Daniel Kahn Gillmor wrote:
> I can't seem to connect to your server with either openssl or gnutls,
> actually. Can you?
>
> [0 [EMAIL PROTECTED] ~]$ openssl s_client -showcerts -verify 5 -connect
> origsvn.digium.com:443
> verify depth is 5
> CONNECTED(00000003)
> depth=1 /C=US/ST=Alabama/L=Huntsville/O=Digium, Inc./OU=Asterisk Development
> Team/CN=Digium SVN CA/[EMAIL PROTECTED]
> verify error:num=19:self signed certificate in certificate chain
> verify return:1
> depth=1 /C=US/ST=Alabama/L=Huntsville/O=Digium, Inc./OU=Asterisk Development
> Team/CN=Digium SVN CA/[EMAIL PROTECTED]
> verify return:1
> depth=0 /C=US/ST=Alabama/L=Huntsville/O=Digium/OU=Asterisk Development
> Team/CN=origsvn.digium.com/[EMAIL PROTECTED]
> verify return:1
> 28424:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake
> failure:s3_pkt.c:1053:SSL alert number 40
> 28424:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> failure:s23_lib.c:188:
> [0 [EMAIL PROTECTED] ~]$ gnutls-cli --verbose origsvn.digium.com --port 443
> Resolving 'origsvn.digium.com'...
> Connecting to '216.207.245.42:443'...
> - Server's trusted authorities:
> [0]: C=US,ST=Alabama,L=Huntsville,O=Digium\, Inc.,OU=Asterisk Development
> Team,CN=Digium SVN CA,[EMAIL PROTECTED]
> - Successfully sent 0 certificate(s) to server.
> *** Fatal error: A TLS fatal alert has been received.
> *** Received alert [40]: Handshake failed
> *** Handshake has failed
> GNUTLS ERROR: A TLS fatal alert has been received.
> [1 [EMAIL PROTECTED] ~]$

OK, I've attached (hopefully it will make it through the list) a client cert that will allow TLS negotiation to complete on https://origsvn.digium.com (although the resulting connection won't be authorized to do anything). If the GNUTLS experts can try connecting with this as the client cert and inform me why GNUTLS reports a key usage violation on the server cert, that would be awesome :-)

--
Kevin P. Fleming
Director of Software Technologies
Digium, Inc. - "The Genuine Asterisk Experience" (TM)

gnutlstest-cert.p12
Description: Binary data
_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
