What result do you get from

    openssl s_client -connect test.net:443 \
        -CAfile cacert.pem -verify 5 \
        -cert user.pem -key user.key \
        -reconnect -showcerts -state -bugs

with an input of

    GET /demo/index.html HTTP/1.0

?
I get:

    SSL_connect:SSL renegotiate ciphers
    SSL_connect:SSLv3 write client hello A
    SSL_connect:SSLv3 read server hello A
    depth=1 /C=DE/ST=test/L=test/O=test GbR/OU=test/CN=test.net/[EMAIL PROTECTED]
    verify error:num=19:self signed certificate in certificate chain
    verify return:1
    depth=0 /C=DE/ST=test/O=test/OU=test/CN=test.net/[EMAIL PROTECTED]
    verify error:num=26:unsupported certificate purpose
    verify return:1
    depth=1 /C=DE/ST=test/L=test/O=test/OU=test/CN=test.net/[EMAIL PROTECTED]
    verify return:1
    depth=0 /C=DE/ST=test/O=test/OU=test/CN=test.net/[EMAIL PROTECTED]
    verify return:1

My guess is the server certificate has a key usage extension that is inappropriate for the role.

Could you verify this with

    openssl verify -CAfile cacert.pem -purpose sslserver server.pem

and while you're at it:

    openssl verify -CAfile cacert.pem -purpose sslclient user.pem

Bye
Goetz
-- DMCA: The greed of the few outweighs the freedom of the many
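
Added example, not part of the original message: a shell sketch that builds a throwaway CA and a leaf certificate restricted to clientAuth, then runs the two `openssl verify -purpose` checks suggested above to show how error 26 arises at depth 0. The clientAuth-only extendedKeyUsage is an assumed cause (the message only guesses at a key usage problem); the subject names, config section names and every file except cacert.pem and user.pem are constructed.

```sh
# Constructed demo PKI: all names, files and keys below are throwaway test material.
# make_demo_pki DIR: write cacert.pem and a leaf user.pem whose
# extendedKeyUsage permits clientAuth only.
make_demo_pki() {
    dir=$1
    cat > "$dir/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[client_only]
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = clientAuth
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 \
        -config "$dir/demo.cnf" -extensions v3_ca -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/cacert.pem" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes \
        -config "$dir/demo.cnf" -subj "/CN=demo-user" \
        -keyout "$dir/user.key" -out "$dir/user.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/user.csr" -days 1 \
        -CA "$dir/cacert.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/demo.cnf" -extensions client_only \
        -out "$dir/user.pem" 2>/dev/null
}

# verify_purpose DIR PURPOSE: print "OK", or the numeric verify error
# reported for the leaf certificate (depth 0).
verify_purpose() {
    out=$(openssl verify -CAfile "$1/cacert.pem" -purpose "$2" "$1/user.pem" 2>&1)
    case $out in
        *"error "*" at 0 depth"*)
            printf '%s\n' "$out" | sed -n 's/.*error \([0-9]*\) at 0 depth.*/\1/p' | head -n 1 ;;
        *": OK"*) echo OK ;;
        *) echo unknown ;;
    esac
}

demo=$(mktemp -d) && make_demo_pki "$demo" &&
for p in sslclient sslserver; do
    echo "$p: $(verify_purpose "$demo" "$p")"
done
rm -rf "$demo"
```

The same leaf passes as sslclient and fails as sslserver, so a server presenting a certificate like this one produces the depth=0 error seen in the s_client output.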