Hi again,
I've finally found a solution for this problem. This is related to
sertificates of more than 1024 bits, and this hotfix solve the problem:
http://support.microsoft.com/kb/955610/no
- Anders
On Mon, 2009-02-09 at 11:44 +0100, Anders Lund wrote:
> Hi,
>
> I'm having difficulties using s_client against some servers running ADAM
> on Windows 2003 servers. This is my problem:
>
> [and...@lon ~]$ openssl s_client -connect <some_host_name>:<port_number>
> CONNECTED(00000003)
> depth=1 <...>
> verify error:num=20:unable to get local issuer certificate
> verify return:0
> 21580:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> failure:s23_lib.c:188:
>
> Ignore the fact that I'm not pointing to a file with the certificates.
> The problem is that this works (handshake succeeds) if I'm adding
> "-debug", "ssl2" or "-pause" as an option to "openssl s_client".
>
> This problem seems similar to this previous post on this list:
>
> http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/83c19e424f3b2571/896874b0e02b9fff?lnk=gst&q=active+directory#896874b0e02b9fff
>
> This doesn't seem to be a problem if I'm using GnuTLS. Anyone with some
> kind of information about this problem? Might be that this is a bug in
> Windows 2003/ADAM that is solved with some patch that the owners of
> these servers haven't installed yet, but I'm having a hard time finding
> any information about this.
>
> - Anders
>
--
Anders Lund <anders.l...@uninett.no> .~.
UNINETT, N-7465 Trondheim, Norway / V \
Phone: +47 73 55 79 08 | Mob: +47 93 03 41 26 /( )\
^ ^
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
