> From: owner-openssl-us...@openssl.org On Behalf Of Anil Tambe
> Sent: Tuesday, 07 April, 2009 03:23

> i am using the latest openssl 0.9.8k. the -verify option works fine
> with ssl3, but handshake fails if i use -ssl2.
> ./openssl s_server -verify 0 -debug
> ./openssl s_client -ssl3 -debug [ works fine .]
>
> ./openssl s_client -ssl2
(snip certs)
> 22360:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:

Use -msg and you should see before that something like
<<< SSL 2.0 [length 0012], REQUEST-CERTIFICATE
    07 01 69 de b1 89 f9 f4 db 0d 12 f2 34 3b 1a a5
    50 90
>>> SSL 2.0 [length 0003], ERROR: NO-CERTIFICATE-ERROR
    00 00 02
or look at the server output and you should see
10233:error:140710CA:SSL routines:REQUEST_CERTIFICATE:peer error no certificate:s2_pkt.c:675:

Apparently SSLv2 doesn't support optional client auth;
if the server requests it (which s_server -verify does)
the client must provide it (so give it -key & pw & -cert).

v2 is way old, and less functional in numerous ways.
This is apparently one, although I didn't remember it specifically.
Prefer v3/TLS if you have a choice.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
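The two message bodies quoted in the reply above, decoded field by field to show why the handshake stops. This is an added example, not part of the original post or of OpenSSL; the function names are hypothetical, and the message-type, auth-type and error-code values are taken from the SSL 2.0 specification.

```python
# Added example: decode SSLv2 handshake message bodies as printed by -msg.
# Numeric values below are from the SSL 2.0 specification.
MSG_TYPES = {
    0: "ERROR", 1: "CLIENT-HELLO", 2: "CLIENT-MASTER-KEY", 3: "CLIENT-FINISHED",
    4: "SERVER-HELLO", 5: "SERVER-VERIFY", 6: "SERVER-FINISHED",
    7: "REQUEST-CERTIFICATE", 8: "CLIENT-CERTIFICATE",
}
ERROR_CODES = {
    0x0001: "NO-CIPHER-ERROR", 0x0002: "NO-CERTIFICATE-ERROR",
    0x0004: "BAD-CERTIFICATE-ERROR", 0x0006: "UNSUPPORTED-CERTIFICATE-TYPE-ERROR",
}
AUTH_TYPES = {0x01: "SSL_AT_MD5_WITH_RSA_ENCRYPTION"}

# The two message bodies quoted in the reply (hex as printed by -msg).
REQUEST = "07 01 69 de b1 89 f9 f4 db 0d 12 f2 34 3b 1a a5 50 90"
ERROR = "00 00 02"


def decode_ssl2_message(hex_dump):
    """Decode one SSLv2 message body given as space-separated hex bytes."""
    body = bytes.fromhex(hex_dump)
    if not body:
        raise ValueError("empty message")
    msg_type = body[0]
    out = {"type": MSG_TYPES.get(msg_type, "UNKNOWN(%d)" % msg_type),
           "length": len(body)}
    if msg_type == 0:  # ERROR: one type byte plus a 2-byte big-endian code
        if len(body) != 3:
            raise ValueError("ERROR message must be exactly 3 bytes")
        code = int.from_bytes(body[1:3], "big")
        out["error"] = ERROR_CODES.get(code, "UNKNOWN(0x%04x)" % code)
    elif msg_type == 7:  # REQUEST-CERTIFICATE: auth type, then challenge data
        if len(body) < 2:
            raise ValueError("REQUEST-CERTIFICATE is missing its auth type")
        out["auth_type"] = AUTH_TYPES.get(body[1], "UNKNOWN(0x%02x)" % body[1])
        out["challenge"] = body[2:].hex()
    return out


def client_refused_cert_request(messages):
    """True if a REQUEST-CERTIFICATE is directly answered by NO-CERTIFICATE-ERROR."""
    decoded = [decode_ssl2_message(m) for m in messages]
    return any(req["type"] == "REQUEST-CERTIFICATE"
               and reply.get("error") == "NO-CERTIFICATE-ERROR"
               for req, reply in zip(decoded, decoded[1:]))


if __name__ == "__main__":
    for dump in (REQUEST, ERROR):
        print(decode_ssl2_message(dump))
    print("client refused cert request:", client_refused_cert_request([REQUEST, ERROR]))
```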