On Thu, Sep 22, 2005 at 06:24:05PM +0200, Martin Kraemer wrote:
> > What is the output with -debug passed to s_client?
> (appended. Used with the original setup:
> * global "SSLVerifyClient require"
> * 4000+ line ca-bundle file
> * client invocation:
> % openssl s_client -debug -CAfile ssl.crt/ca-bundle.crt -cert ~/[EMAIL PROTECTED] -key ~/[EMAIL PROTECTED] -connect mch00bcm:8443
> <<bigbundle.txt>>
> )

bigbundle.txt was incomplete because of the missing fflush -- it ended in:

> 0b10 - 16 06 03 55 04 0a 13 0f-47 54 45 20 43 6f 72 70   ...U....GTE Corp
> 0b20 - 6f 72 61 74 69 6f 6e 31-27 30 25 06 03 55 04 0b   oration1'0%..U..
> 0b30 - 13 1e 47 54 45 20 43 79-62 65 72 54 72 75 73 74   ..GTE CyberTrust
> 0b40 - 20 53 6f 6c 75 74 69 6f-6e 73 2c 20 49 6e 63

When debugging to stdout, the missing end looks something like this:

0d20 - 13 1c 28 63 29 20 31 39-39 39 20 45 6e 74 72 75   ..(c) 1999 Entru
0d30 - 73 74 2e 6e 65 74 20 4c-69 6d 69 74 65 64 31 3a   st.net Limited1:
0d40 - 30 38 06 03 55 04 03 13-31 45 6e 74 72 75 73 74   08..U...1Entrust
0d50 - 2e 6e 65 74 20 53 65 63-75 72 65 20 53 65 72 76   .net Secure Serv
0d60 - 65 72 20 43                                       er C
read from 080AFCB8 [080EC461] (5558 bytes => 0 (0x0))
1282:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:

so there are no more trace data being exchanged after the CA cert exchange.

   Martin
-- 
<[EMAIL PROTECTED]> | Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-48332 | 81730 Munich, Germany