On Sat, Jan 31, 2015 at 03:34:35PM -0700, LuKreme wrote:
> Since I am not seeing a load of these, I am assuming this is indicating the
> error is on the other end?
>
> TLS library problem: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert
> bad certificate:s3_pkt.c:1293:SSL alert number 42:
Was there a good reason to remove the beginning of the log message?
The IP address of the peer?
The peer send an SSL alert indicating it is unhappy about your
certificate. Presumably, you're on the server end, and the peer
does not like your certificate contents.
Whether this is your fault or not, depends on whether my assumptions
are correct, and whether the peer can legitimately expect to be
able to verify your certificate.
Some peers tolerate untrusted certificates, but don't tolerate
"expired" certificates. Rather lame, but the solution is to set
expiration times of self-signed certs very far into the future.
Say the year 2357 (a nice prime). If you really want nerd-cred,
set the expiration date to Mar 14th or June 28th. :-)
--
Viktor.
