> From: Dave Thompson
> >
> > Yes, the server has a custom root cert that isn't installed on this
> machine. I am happy that the server cert is correct.
> >
> For testing that's okay, but I hope in real use you are verifying.
> Otherwise an active attacker may be able to MITM your connections.
Pr
> From: owner-openssl-users On Behalf Of Ben Arnold
> Sent: Friday, November 08, 2013 10:45
> I have tried using s_client and it fails with the same handshake failure.
Please
> see below.
>
>
> > Attaching a PCAP file of the traffic is much more useful than hex packet
> > dumps.
>
> You're righ
> From: Viktor Dukhovni
>
> You can test with s_client(1) and compare results. Is your client
> certificate an
> RSA certificate? How many bits of public key? Is its signature SHA1 or
> SHA256?
It's a 2048 bit RSA SHA1 certificate, but I think Dave Thompson's right and
it's not getting that f
Do you still see an error if you specify one cipher? f.e. AES256-SHA?
On 2013-11-07 22:26, Dave Thompson wrote:
From: owner-openssl-users On Behalf Of Viktor Dukhovni
Sent: Thursday, November 07, 2013 11:02
On Thu, Nov 07, 2013 at 12:29:13PM +, Ben Arnold wrote:
> I am using SSL_CTX_set_
> From: owner-openssl-users On Behalf Of Viktor Dukhovni
> Sent: Thursday, November 07, 2013 11:02
> On Thu, Nov 07, 2013 at 12:29:13PM +, Ben Arnold wrote:
>
> > I am using SSL_CTX_set_client_cert_cb to provide the client
> > certificate when needed. I have a problem in that OpenSSL 1.0.1e
On Thu, Nov 07, 2013 at 12:29:13PM +, Ben Arnold wrote:
> I am using SSL_CTX_set_client_cert_cb to provide the client
> certificate when needed. I have a problem in that OpenSSL 1.0.1e
> does not trigger this callback for all websites that I expect it
> to, only some. Instead on the failing
