Are any intermediate CA certificates involved?

No. The CA is home-made, created using OpenSSL. It has a self-signed 
certificate.

This command will dump all certificates received:

openssl s_client -connect hostname:portnum -showcerts

        [EMAIL PROTECTED] ~]$ openssl s_client -connect my.server.address:5432 -showcerts
        CONNECTED(00000003)
        4386:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

If you split them into files and try:

openssl x509 -in cert.pem -dates -noout

Can't try this right now...

As for the dates, I store all my certificates with the human-readable preamble 
(the -text option used with x509). Dates are OK in all of them. I dumped them 
again and got the same result.

This is what I tried next:

        [EMAIL PROTECTED] ~]$ openssl s_client -debug -connect my.server.address:5432 -showcerts
        CONNECTED(00000003)
        write to 0x9fcb948 [0x9fcb990] (124 bytes => 124 (0x7C))
        0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 39 00 00   .z....Q... ..9..
        0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
        0020 - 00 00 33 00 00 32 00 00-2f 00 00 07 05 00 80 03   ..3..2../.......
        0030 - 00 80 00 00 05 00 00 04-01 00 80 00 00 15 00 00   ................
        0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   [EMAIL PROTECTED]
        0050 - 00 00 06 04 00 80 00 00-03 02 00 80 64 70 9c 33   ............dp.3
        0060 - 54 71 07 96 37 d8 e5 9c-22 01 5b 19 60 9f d0 1f   Tq..7...".[.`...
        0070 - a3 43 82 8d 51 2d eb bc-c8 84 1c bb               .C..Q-......
        read from 0x9fcb948 [0x9fd0ef0] (7 bytes => 0 (0x0))
        4407:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

A local IP connection directly on the server fails the same way, too. (Non-SSL 
IP connections to the database do work, however.)

What should I try now? If you want me to carry out further experiments, just 
let me know.

Andrej
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
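
An added example, not part of the original post: it assumes the service on port 5432 is PostgreSQL, which expects an 8-byte SSLRequest and a one-byte S/N reply before any TLS handshake. It decodes the header of the 124-byte write shown in the debug dump and fetches the server certificate after that negotiation; the function names are hypothetical.

```python
import socket
import ssl
import struct

# PostgreSQL SSLRequest code: (1234 << 16) | 5679, sent before any TLS bytes.
SSL_REQUEST_CODE = 80877103
# First 11 bytes of the 124-byte write in the s_client -debug dump above.
DUMP_PREFIX = bytes.fromhex("807a0103010051000000" "20")


def build_ssl_request() -> bytes:
    """8-byte SSLRequest: int32 length (8) followed by int32 request code."""
    return struct.pack("!II", 8, SSL_REQUEST_CODE)


def parse_sslv2_hello(data: bytes) -> dict:
    """Decode the header of an SSLv2-format ClientHello such as DUMP_PREFIX."""
    if len(data) < 11 or not data[0] & 0x80 or data[2] != 1:
        raise ValueError("not an SSLv2-format ClientHello")
    cipher_len, sid_len, chal_len = struct.unpack("!HHH", data[5:11])
    return {
        "record_len": ((data[0] & 0x7F) << 8) | data[1],
        "version": (data[3], data[4]),
        # msg type (1) + version (2) + three length fields (6) + payloads
        "body_len": 9 + cipher_len + sid_len + chal_len,
    }


def fetch_server_cert(host, port=5432, cafile=None, timeout=5.0):
    """Return the server certificate as PEM, or None if the server answers 'N'."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_ssl_request())
        if sock.recv(1) != b"S":  # 'N' = SSL not offered; empty = closed
            return None
        ctx = ssl.create_default_context(cafile=cafile)
        if cafile is None:
            # Inspection only: no trust anchor given, so skip verification.
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))


if __name__ == "__main__":
    # The client opened with a TLS 1.0 hello in SSLv2 framing, not an SSLRequest.
    print(parse_sslv2_hello(DUMP_PREFIX))
```

The PEM returned by `fetch_server_cert` can be saved to a file and checked with `openssl x509 -in cert.pem -dates -noout`; pass the home-made CA certificate as `cafile` to have the chain verified as well.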