Hello,
I am running el5 with an unmodified openssl.cnf file and have a program that uses 
the openssl libraries but is stupid enough to not offer some parameters to 
configure cert and cacert ("check_nrpe").

This program's source code initializes the openssl lib as follows:
               SSL_library_init();
               SSLeay_add_ssl_algorithms();
               meth=SSLv23_client_method();
               SSL_load_error_strings();
               SSL_CTX_set_options(ctx,SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

Given "local_host_name.pem" and "ca_new.crt", which are created on a different 
machine (my root ca) with openssl, if I run

               openssl s_client -connect remotehost.80:5666 -CAfile /etc/tmpssl/ca_new.crt -cert /etc/tmpssl/local_host_name.pem

that validates remotehost's certificate successfully and remotehost does not 
complain either in the logs.
So, what I *think* I need now is to set up an openssl.cnf file which enables me 
to run the above command without specifying the certs:

               openssl s_client -connect remotehost.80:5666

After appending "ca_new.crt" to "/etc/pki/tls/certs/ca_bundle.crt", I can omit 
the "-CAfile /etc/tmpssl/ca_new.crt" parameter from the above command and it still 
works fine.
But I cannot find out what to do with the server certificate 
"local_host_name.pem" to reach my goal.

Could anybody please enlighten me?

Greetings, SR


-- 
Nanotron Technologies GmbH * Alt-Moabit 60 * 10555 Berlin * Germany
Geschaeftsfuehrer: Dr. Jens N. Albers
Sitz der Gesellschaft: Berlin * Registergericht: Berlin-Charlottenburg * HRB 42324