On Wed, May 19, 2004, Oliver Bogosavljevic wrote:

> hello mailing list,
> i'm trying to get openldap using tls/ssl
> using a self-signed cert for test purpose.
> when i do:
> ./openssl s_client -connect mvplab2.desy.de:636 -showcerts
> i get (last part of the output):
>
> Server certificate
> subject=/C=DE/ST=Germany/L=Hamburg/O=Desy/OU=TTF/CN=mvplab2.desy.de/[EMAIL PROTECTED]
> issuer=/C=DE/ST=Germany/L=Hamburg/O=Desy/OU=TTF/CN=DESY
> ROOTCA/[EMAIL PROTECTED]
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 2057 bytes and written 346 bytes
> ---
> New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 1024 bit
> SSL-Session:
> Protocol : TLSv1
> Cipher : AES256-SHA
> Session-ID:
> FCE8526F5FD3CEB4834832740E6A8AA95A0BD3FD3EC01990019CE7B81F8A0A37
> Session-ID-ctx:
> Master-Key:
> F501B633DD2268C69FDDF26A7A6A1D4598BF7B8318C4EF1BDB104EA77B05F00B84F18653989530919EEE93083E1A938A
> Key-Arg : None
> Start Time: 1084978220
> Timeout : 300 (sec)
> Verify return code: 19 (self signed certificate in certificate chain
>
>
> what does the line "No client certificate CA names sent" mean
>
When a server requests a client certificate it includes a list of
acceptable CA names. The message simply means that the list was empty
which probably means it didn't request a client certificate.

Steve.
--
Dr Stephen N. Henson.
Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
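
The list of acceptable CA names discussed in the reply above travels in the server's CertificateRequest handshake message. As an added example (not part of the original thread and not OpenSSL code), the parser below reads the TLS 1.0/1.1 body layout and handles both a zero-length and a one-name list; the function names and sample bytes are constructed for illustration.

```python
import struct

def parse_certificate_request(body: bytes):
    """Parse a TLS 1.0/1.1 CertificateRequest body.

    Returns (certificate_types, [DER-encoded DistinguishedName, ...]).
    """
    if not body:
        raise ValueError("empty CertificateRequest body")
    n_types = body[0]                      # certificate_types<1..255>
    pos = 1 + n_types
    if n_types < 1 or pos + 2 > len(body):
        raise ValueError("bad certificate_types vector")
    cert_types = list(body[1:pos])
    (ca_len,) = struct.unpack_from("!H", body, pos)   # CA list length
    pos += 2
    end = pos + ca_len
    if end != len(body):
        raise ValueError("certificate_authorities length mismatch")
    names = []
    while pos < end:                       # each entry: 2-byte length + DER DN
        if pos + 2 > end:
            raise ValueError("truncated DistinguishedName length")
        (dn_len,) = struct.unpack_from("!H", body, pos)
        pos += 2
        if dn_len == 0 or pos + dn_len > end:
            raise ValueError("bad DistinguishedName length")
        names.append(body[pos:pos + dn_len])
        pos += dn_len
    return cert_types, names

def describe(body: bytes) -> str:
    """Summarise the CA list; a zero-length list still parses as a request."""
    _, names = parse_certificate_request(body)
    return "no CA names sent" if not names else f"{len(names)} CA name(s) sent"

# Constructed sample inputs (not captured from the server in the thread).
# DER for "CN=Example Test CA": SEQUENCE { SET { SEQUENCE { OID 2.5.4.3, PrintableString } } }
CN = b"Example Test CA"
ATTR = b"\x06\x03\x55\x04\x03" + b"\x13" + bytes([len(CN)]) + CN
RDN = b"\x31" + bytes([len(ATTR) + 2]) + b"\x30" + bytes([len(ATTR)]) + ATTR
DN = b"\x30" + bytes([len(RDN)]) + RDN
# certificate_types = [1 (rsa_sign), 2 (dss_sign)]
EMPTY_LIST = b"\x02\x01\x02" + b"\x00\x00"
ONE_CA = b"\x02\x01\x02" + struct.pack("!HH", len(DN) + 2, len(DN)) + DN

if __name__ == "__main__":
    print(describe(EMPTY_LIST))
    print(describe(ONE_CA))
```
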