> From: owner-openssl-us...@openssl.org On Behalf Of Daniel Black
> Sent: Sunday, 14 July, 2013 02:02
> To: openssl-users@openssl.org
> Subject: Re: openssl can't connect from a single host
>
> On 11/07/13 19:20, Ben Schmidt wrote:
> > Hello everyone,
> >
> > I got a problem that I don't understand. When I try to check the Cert of
> > a website from a single specific host I get:
> > ###########
> > $ openssl s_client -connect www.example.com:443 <http://www.example.com:443>

That extra URL wasn't in the OPost.

> > CONNECTED(00000003)
> > --- wait
> > ^C
> > ###########
>
> looks like it connected to me.
>

"CONNECTED" is the TCP connection. It hasn't completed the SSL/TLS
handshake. That would show the server cert (as the OP wants, for suites
that use a server cert) and the session parameters (negotiation results,
master secret, session-id, ticket if used, etc).

CONNECTED does rule out routing/firewall and DNS problems, except
some weird and arcane ones, FWTW.

> Try typing "GET /" after the CONNECTED. It is a openssl does a SSL
> connection but it doesn't do http.
>

OP doesn't want to do HTTPS, only the handshake.

(*s_client* doesn't do HTTP. s_server and ocsp do a little.
And library of course can be used to do whatever you code.)

> Failing that there is -debug, -showcerts and -msg options
> that can show
> progress a bit more.

-debug OR -msg (no need for both) shows progress of handshake,
but -state shows summary progress more nicely.

-showcerts only matters after the handshake completes successfully,
and then shows the full chain instead of only the leaf cert, which is
useful in some cases almost completely unlike this one.

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
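
An added example, not part of the original thread or of OpenSSL: a small Python probe that reports separately the two stages distinguished above, the TCP connect that s_client announces as CONNECTED and the TLS handshake that follows it. The names `probe_tls` and `demo`, the timeout values, and the silent local listener used as input are assumptions constructed for illustration.

```python
import socket
import ssl


def probe_tls(host, port, timeout=3.0):
    """Return (stage, detail). stage is 'tcp' if the TCP connect failed,
    'handshake' if TCP connected but TLS did not complete, 'ok' otherwise."""
    try:
        # Stage 1: the point at which s_client prints CONNECTED(...).
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", f"connect failed: {exc}")
    ctx = ssl.create_default_context()  # certificate verification stays on
    try:
        raw.settimeout(timeout)
        # Stage 2: the ClientHello is sent here; a peer or middlebox that
        # never answers stalls at this point, as in the report above.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return ("ok", f"{tls.version()} {tls.cipher()[0]}")
    except socket.timeout:
        return ("handshake", "TCP connected, no TLS reply before timeout")
    except (ssl.SSLError, OSError) as exc:
        return ("handshake", f"TCP connected, handshake failed: {exc}")
    finally:
        raw.close()


def demo():
    """Constructed input: a local listener that completes the TCP handshake
    (kernel backlog) but never sends a byte, imitating the stalled server."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    try:
        return probe_tls("127.0.0.1", srv.getsockname()[1], timeout=1.0)
    finally:
        srv.close()


if __name__ == "__main__":
    print(demo())
```

A result of `handshake` with a timeout corresponds to the hang after CONNECTED in the original report; `tcp` would instead point at the routing, firewall or DNS problems that CONNECTED rules out.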