> Also, gnutls-client works correctly and lists the entire CA chain, which
> would also seem to indicate the server is supplying them.

Connecting with openssl s_client as per the command you provided is not showing
the certificate chain.

    openssl s_client -verify 10 -CAfile /etc/ssl/certs/Thawte_Premium_Server_CA.pem -connect strategic.wiki.csupomona.edu:443

Try gnutls without the TLS extensions processing occurring and you will see that
the server is not sending back the certificate chain:

    gnutls-cli --priority 'NONE:+VERS-SSL3.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL' --debug 10 --x509cafile /etc/ssl/certs/Thawte_Premium_Server_CA.pem strategic.wiki.csupomona.edu -p 443

This fails. You need to correct your server configuration so that it correctly
sends out the chain.
Tim.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
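
Added example, not part of the original message: a small Python check that reads the "Certificate chain" section of saved `openssl s_client` output and reports the first issuer the server failed to send. The sample output, the names in it and the `ROOTS` set are constructed for illustration; matching is by name only and does not verify signatures.

```python
import re

# Constructed samples of the "Certificate chain" section printed by
# `openssl s_client`; every name below is invented for illustration.
LEAF_ONLY = """CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/O=Example University/CN=www.example.edu
   i:/C=US/O=Example Issuing/CN=Example Intermediate CA
---
Server certificate
"""
FULL_CHAIN = """---
Certificate chain
 0 s:/C=US/O=Example University/CN=www.example.edu
   i:/C=US/O=Example Issuing/CN=Example Intermediate CA
 1 s:/C=US/O=Example Issuing/CN=Example Intermediate CA
   i:/C=US/O=Example Root/CN=Example Root CA
---
"""
ROOTS = {"/C=US/O=Example Root/CN=Example Root CA"}  # subjects in the -CAfile

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, subject, in_section = [], None, False
    for line in text.splitlines():
        if line.strip() == "Certificate chain":
            in_section = True
        elif in_section and line.startswith("---"):
            break  # end of the chain listing
        elif in_section:
            s = re.match(r"\s*\d+\s+s:(.*)$", line)
            i = re.match(r"\s*i:(.*)$", line)
            if s:
                subject = s.group(1).strip()
            elif i and subject is not None:
                chain.append((subject, i.group(1).strip()))
                subject = None
    return chain

def missing_issuer(text, trusted_roots):
    """Return the issuer name the client cannot reach, or None if the chain is complete."""
    chain = parse_chain(text)
    if not chain:
        return "<no certificates sent>"
    for idx, (subject, issuer) in enumerate(chain):
        if issuer in trusted_roots or subject in trusted_roots:
            return None  # reached a certificate the client already trusts
        next_subject = chain[idx + 1][0] if idx + 1 < len(chain) else None
        if next_subject != issuer:
            return issuer  # server did not send the certificate for this issuer
```

A leaf-only listing like `LEAF_ONLY` is the misconfiguration described above: the intermediate is neither sent by the server nor present in the client's CA file.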