Hello, > I try to connect an openssl client to a ssl server. > I use the tool openssl s_client. > > I use the -msg option in order to qsee the different messages exchanged during > the SSL connexion. > > My purpose is to generate an SSL alert message by the client. > Hence I use a trustees file in client side so that the signature verification > is > performed with a wrong result , which is the case (see the stream below: > SSL-Session: > Protocol : SSLv3 > Cipher : AES256-SHA > Session-ID: > 2DC601DF4A25DA207C2193AF896846BD1B0FD16B63255BD724E0E07759E66DD6 > Session-ID-ctx: > Master-Key: > AD37549969C6E77AD69954D614F452DFC2EE5670610190AAA8C2E2F08FDCEB84DCC12AF6ADF83C9040C165CBC6121E57 > Key-Arg : None > Start Time: 1195662480 > Timeout : 7200 (sec) > Verify return code: 7 (certificate signature failure) > > Neverthless, I do not see any SSL alert sent by the client to the server in > the > traces ... > > My question is : why don't we have an SSL alert message sent by the client to > the server ? Is there an option in openssl s_client I should use ? > > Here is the command line I have used for my test: > openssl s_client -connect localhost:8890 -CAfile trustees.pem -showcerts > -state > -ssl3 -bugs -msg You should add -verify flag.
Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
