fandino wrote:
# openssl s_server .....
.
verify error:num=26:unsupported certificate purpose
verify return:1

and for the certificates in both servers:

Certificate purposes:
SSL client : No
SSL client CA : No
SSL server : Yes
SSL server CA : No
Netscape SSL server : Yes
Netscape SSL server CA : No
S/MIME signing : No
S/MIME signing CA : No
S/MIME encryption : No
S/MIME encryption CA : No
CRL signing : No
CRL signing CA : No
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : No

I think I found the problem. The servers run directory software
and the certificates had the extended key usage set to "SSL Server",
and this works perfectly with directory clients, but for directory
replication they need the "SSL Client" extended key usage (one
directory acts as client and another as server). So enabling both
usages did the trick.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
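
The check described in the message above, as an added example that is not part of the original post: it parses the purposes listing printed by `openssl x509 -purpose` and reports which purposes a replication peer's certificate still lacks. The helper names `missing_purposes` and `replication_ready` are hypothetical, and both listings are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original post. Input format: the listing printed
# by `openssl x509 -purpose -noout -in cert.pem`.

# Constructed sample: certificate whose extended key usage allows server
# authentication only (same shape as the listing quoted in the message).
SERVER_ONLY='Certificate purposes:
SSL client : No
SSL client CA : No
SSL server : Yes
SSL server CA : No
Any Purpose : Yes'

# Constructed sample: the certificate reissued with both usages enabled.
BOTH_USAGES='Certificate purposes:
SSL client : Yes
SSL client CA : No
SSL server : Yes
SSL server CA : No
Any Purpose : Yes'

# missing_purposes PURPOSE...   (hypothetical helper)
# Reads a listing on stdin and prints each required purpose that is not marked
# "Yes"; a purpose absent from the listing counts as missing. Returns 0 only
# when nothing is missing.
missing_purposes() {
    listing=$(cat)
    rc=0
    for want in "$@"; do
        # Compare the whole name so "SSL client" never matches "SSL client CA".
        answer=$(printf '%s\n' "$listing" | awk -F' *: *' -v want="$want" '
            { name = $1; gsub(/^[ \t]+|[ \t]+$/, "", name) }
            name == want { print $2; exit }')
        case $answer in
            Yes*) ;;
            *) printf '%s\n' "$want"; rc=1 ;;
        esac
    done
    return "$rc"
}

# A replication peer is TLS client on one connection and TLS server on
# another, so its certificate needs both purposes. (hypothetical helper)
replication_ready() {
    missing_purposes "SSL client" "SSL server"
}

printf '%s\n' "$SERVER_ONLY" | replication_ready >/dev/null ||
    echo "server-only certificate: SSL client purpose missing"
```

Against a real certificate, pipe the output of `openssl x509 -purpose -noout -in cert.pem` into `replication_ready` in place of the sample variable.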
