> we are using openssl in an environment with a Windows 2003 PKI/CA.
> OpenSSL together with OpenLDAP shall be used to provide Single Sign On.
> This is working as long as the server's public key on the Windows AD
> server is not getting larger than 1024 bit.
>
> I have tested the following commands with openssl 0.9.8d and 0.9.8e on
> SuSE Linux and Windows XP.
>
>
> This is the typical result if I try to connect to a server with a key
> larger than 1024 bit:
>
> # openssl s_client -connect 10.17.1.1:636
> CONNECTED(00000003)
> depth=1 /DC=local/DC=customer/CN=customer Issuing CA 01
> verify error:num=20:unable to get local issuer certificate
> verify return:0
> 21981:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
I can't reproduce it with either 2048- or 4096-bit self-signed certificates. Could you submit the complete 'openssl s_client -connect 10.17.1.1:636 -debug' output from the failing attempt?

A.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [EMAIL PROTECTED]
