Despite printing "no peer certificate available" below, the postgresql
server serves three certificates (two intermediates and a leaf) as
picked up by ssldump.
In this case it is the client side that is triggering the handshake
failure, not the server. The client side refuses to add the cause of the
handshake failure to the error message, which is definitely a bug.
postgres@sql02:~$ openssl s_client -verify 10 -CAfile .postgresql/root.crt -key
.postgresql/postgresql.key -cert .postgresql/postgresql.crt -connect sql01:5432
-servername sql01
verify depth is 10
CONNECTED(00000003)
139930468939416:error:140790E5:SSL routines:ssl23_write:ssl handshake
failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 379 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1510188432
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1612711
Title:
TLS negation fails
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1612711/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
