On Tue, Aug 03, 2004, nathv wrote: > Hello All, > > I am trying to access a server using s_client and I am > passing the leaf and self signed CA of the server > through -CAfile switch, but I am still getting the > error below, any ideas?. > > ..... > SSL_connect:SSLv3 write certificate verify A > >>> TLS 1.0 ChangeCipherSpec [length 0001] > 01 > SSL_connect:SSLv3 write change cipher spec A > >>> TLS 1.0 Handshake [length 0010], Finished > 14 00 00 0c 13 8b 1f 61 ce aa 91 7a b0 48 b2 e9 > SSL_connect:SSLv3 write finished A > SSL_connect:SSLv3 flush data > <<< TLS 1.0 Alert [length 0002], fatal unknown_ca > 02 30 > SSL3 alert read:fatal:unknown CA > SSL_connect:failed in SSLv3 read finished A > 912:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 > alert unknown ca:.\ssl\s3_ > pkt.c:1052:SSL alert number 48 > 912:error:140790E5:SSL routines:SSL23_WRITE:ssl > handshake failure:.\ssl\s23_lib. > c:226: > ......... >
What other command line options are you using? By itself the default options to s_client wont cause an error if the CA is unknown. Does the server expect a client certificate and it is sending this alert? Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
