Hello,

Maybe a mistake, but on OpenSSL 1.0.0c (2 Dec 2010) the debug arg makes a real difference in s_client usage, a difference that I can't explain. Maybe a timing problem?

Edited for text visualisation:

openssl s_client -connect xxx.local:636 -CAfile ssl\ac_root.pem -showcerts -msg -state
CONNECTED(00000754)
SSL_connect:before/connect initialization
>>> TLS 1.0 Handshake [length 00cd], ClientHello
SSL_connect:SSLv2/v3 write client hello A
<<< TLS 1.0 Handshake [length 004a], ServerHello
SSL_connect:SSLv3 read server hello A
<<< TLS 1.0 Handshake [length 0b4a], Certificate
depth=2 O = XXX, C = FR
verify return:1
depth=1 O = XXX, C = FR
verify return:1
depth=0 C = FR, O = XXX, CN = XXX
verify return:1
SSL_connect:SSLv3 read server certificate A
<<< TLS 1.0 Handshake [length 0971], CertificateRequest
SSL_connect:SSLv3 read server certificate request A
<<< TLS 1.0 Handshake [length 0004], ServerHelloDone
SSL_connect:SSLv3 read server done A
>>> TLS 1.0 Handshake [length 0007], Certificate
SSL_connect:SSLv3 write client certificate A
>>> TLS 1.0 Handshake [length 0106], ClientKeyExchange
SSL_connect:SSLv3 write client key exchange A
>>> TLS 1.0 ChangeCipherSpec [length 0001]
SSL_connect:SSLv3 write change cipher spec A
>>> TLS 1.0 Handshake [length 0010], Finished
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:failed in SSLv3 read finished A
2052:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:.\ssl\s23_lib.c:177:

but with debug:

openssl s_client -connect xxx.local:636 -CAfile ssl\ac_root.pem -showcerts -msg -state -debug
CONNECTED(00000754)
SSL_connect:before/connect initialization
write to 0xaa4918 [0xaa8f00] (210 bytes => 210 (0xD2))
>>> TLS 1.0 Handshake [length 00cd], ClientHello
SSL_connect:SSLv2/v3 write client hello A
read from 0xaa4918 [0xaae460] (7 bytes => 7 (0x7))
read from 0xaa4918 [0xaae46a] (5383 bytes => 5383 (0x1507))
<<< TLS 1.0 Handshake [length 004a], ServerHello
SSL_connect:SSLv3 read server hello A
<<< TLS 1.0 Handshake [length 0b4a], Certificate
depth=2 O = XXX, C = FR
verify return:1
depth=1 O = XXX, C = FR
verify return:1
depth=0 C = FR, O = XXX, CN = XXX
verify return:1
SSL_connect:SSLv3 read server certificate A
<<< TLS 1.0 Handshake [length 0971], CertificateRequest
SSL_connect:SSLv3 read server certificate request A
<<< TLS 1.0 Handshake [length 0004], ServerHelloDone
SSL_connect:SSLv3 read server done A
>>> TLS 1.0 Handshake [length 0007], Certificate
write to 0xaa4918 [0xab6e68] (12 bytes => 12 (0xC))
SSL_connect:SSLv3 write client certificate A
>>> TLS 1.0 Handshake [length 0106], ClientKeyExchange
write to 0xaa4918 [0xab6e68] (267 bytes => 267 (0x10B))
SSL_connect:SSLv3 write client key exchange A
>>> TLS 1.0 ChangeCipherSpec [length 0001]
write to 0xaa4918 [0xab6e68] (6 bytes => 6 (0x6))
SSL_connect:SSLv3 write change cipher spec A
>>> TLS 1.0 Handshake [length 0010], Finished
write to 0xaa4918 [0xab6e68] (37 bytes => 37 (0x25))
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
read from 0xaa4918 [0xaae463] (5 bytes => 5 (0x5))
read from 0xaa4918 [0xaae468] (1 bytes => 1 (0x1))
<<< TLS 1.0 ChangeCipherSpec [length 0001]
read from 0xaa4918 [0xaae463] (5 bytes => 5 (0x5))
read from 0xaa4918 [0xaae468] (32 bytes => 32 (0x20))
<<< TLS 1.0 Handshake [length 0010], Finished
SSL_connect:SSLv3 read finished A

No error? Can you help me to understand it?

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
