LE/DST expired root: workaround #2

2021-09-30 Thread Felipe Gasper
Hello,

https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/

^^ This document indicates that, by enabling trusted-first mode, I should be able to work around the LE expiration problem. I’m either misunderstanding this or “holding it wrong”, though, because I can’t see

Re: openssl 1.0 vs 1.1 s_client verify CA cert expiration

2021-09-30 Thread Viktor Dukhovni
> On 30 Sep 2021, at 3:34 pm, nate wrote:
>
>> $ openssl s_client -showcerts \
>>     -connect bad_server_name:443 \
>>     -servername bad_server_name 2>/dev/null |
>>   openssl crl2pkcs7 -nocrl -certfile /dev/stdin |
>>   openssl pkcs7 -print_certs -noout -text |
>>   egrep 'not(Befor

Re: openssl 1.0 vs 1.1 s_client verify CA cert expiration

2021-09-30 Thread nate
On 2021-09-30 11:36, Viktor Dukhovni wrote:
Ah, you also need to add "-showcerts" to s_client and best to separate stdout and stderr in order to avoid confusion due to error text leaking through, send stderr to /dev/null:

$ openssl s_client -showcerts \
    -connect bad_server_name:443

Re: openssl 1.0 vs 1.1 s_client verify CA cert expiration

2021-09-30 Thread Viktor Dukhovni
On Thu, Sep 30, 2021 at 11:26:14AM -0700, nate wrote:

> > This is *not* the correct way to see all the expiration dates in the
> > chain. It will show only the leaf certificate dates. The right
> > incantation is:
> >
> > $ openssl s_client -connect bad_server_name:443 -servername
> > bad_se

Re: openssl 1.0 vs 1.1 s_client verify CA cert expiration

2021-09-30 Thread nate
On 2021-09-30 10:51, Viktor Dukhovni wrote:
I get at the end a clear: Verify return code: 10 (certificate has expired)
This is because OpenSSL 1.0.2 looks at the peer's certificate chain before looking in the trust store.

Ok, good to know, thanks!

If I run on the same OpenSSL:

openssl s

Re: openssl 1.0 vs 1.1 s_client verify CA cert expiration

2021-09-30 Thread Viktor Dukhovni
On Thu, Sep 30, 2021 at 09:43:54AM -0700, nate wrote:

> If I run this on OpenSSL 1.0.2g (Ubuntu 16.04)
>
> openssl s_client -connect bad_server_name:443 -servername bad_server_name
>
> I get at the end a clear: Verify return code: 10 (certificate has expired)

This is because OpenSSL 1.0.2 looks

Re: openssl 1.0 vs 1.1 s_client verify CA cert expiration

2021-09-30 Thread nate
On 2021-09-30 10:12, nate wrote:
That is interesting and explains some things. One more Q for you, this app

Oops sorry no more Qs, I was going to write one then I realized that OpenSSL appends the OS certs on top of the custom CA cert file which I wasn't expecting, updated my email forgot to

Re: openssl 1.0 vs 1.1 s_client verify CA cert expiration

2021-09-30 Thread nate
On 2021-09-30 9:50, Matt Caswell wrote:
See: https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/

ok thanks! That is interesting and explains some things. One more Q for you, this app uses a custom CA certs file (so doesn't rely on the OS trusted). Though it seems after

Re: openssl 1.0 vs 1.1 s_client verify CA cert expiration

2021-09-30 Thread Matt Caswell
See: https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/

Matt

On 30/09/2021 17:43, nate wrote:
Hello there

I support an app stack over here and a short time ago one of the devs contacted me saying that they were getting some SSL cert errors connecting to a server. Inve

openssl 1.0 vs 1.1 s_client verify CA cert expiration

2021-09-30 Thread nate
Hello there

I support an app stack over here and a short time ago one of the devs contacted me saying that they were getting some SSL cert errors connecting to a server. Investigating things it turns out to be the Let's Encrypt CA cert expiration that happened recently, that server is managed

Re: openssl(1) 3.0 crash

2021-09-30 Thread Viktor Dukhovni
On Thu, Sep 30, 2021 at 02:48:39PM +0200, Steffen Nurpmeso wrote:

> Thanks for fixing this so fast.
>
> ...
> |You should open an issue on Github. The immediate cause is:
> ...
>
> I finally (re)created a github account to cause less burden the next
> trivial time. But I do not understand a

Re: openssl(1) 3.0 crash

2021-09-30 Thread Steffen Nurpmeso
Viktor Dukhovni wrote in :
 |On Wed, Sep 29, 2021 at 10:30:29PM +0200, Steffen Nurpmeso wrote:
 ...
 |> #?1|kent:$ ~/usr-kent-crux-linux-x86_64/opt/.ossl3/bin/openssl chacha20
 |> Segmentation fault

Thanks for fixing this so fast.

 ...
 |You should open an issue on Github. The immediate cau