I am trying to generate a slient program will SSLeary and openssl. I seem to be able to connect to the server and send the authorization (basic is required) with problems but the certificate is never trusted, nor can I get the index html page. Instead I get insufficient key size html document. I've tried setting the cipher to all possible ssl2 ciphers to no avail. I need to use -ssl2 or the connect never completes successfully. I compile OpenSSL 0.9.6c 21 dec 2001 and rans all test successfull on a sparc 5 solaris 2.7 with gcc 3.x . Is the certificate verify stopping a successful connection?
Thanks, any help is appreciated. Mark A transcript is the following: bash-2.05$ openssl s_client -connect autonet.va.autometric.com:443 -ssl2 CONNECTED(00000004) depth=0 /C=US/ST=Virginia/L=Springfield/O=Autometric Inc./OU=Information Technology Services/OU=Terms of use at www.ver isign.com/rpa (c)00/CN=autonet.va.autometric.com verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /C=US/ST=Virginia/L=Springfield/O=Autometric Inc./OU=Information Technology Services/OU=Terms of use at www.ver isign.com/rpa (c)00/CN=autonet.va.autometric.com verify error:num=27:certificate not trusted verify return:1 depth=0 /C=US/ST=Virginia/L=Springfield/O=Autometric Inc./OU=Information Technology Services/OU=Terms of use at www.ver isign.com/rpa (c)00/CN=autonet.va.autometric.com verify error:num=21:unable to verify the first certificate verify return:1 --- Server certificate -----BEGIN CERTIFICATE----- MIIFvjCCBSegAwIBAgIQHUCKzBkocA6UrDiJo19R7TANBgkqhkiG9w0BAQQFADCB ujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVy aVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2Vy dmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMg SW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0w MTA1MDQwMDAwMDBaFw0wMjA1MzEyMzU5NTlaMIHTMQswCQYDVQQGEwJVUzERMA8G A1UECBMIVmlyZ2luaWExFDASBgNVBAcUC1NwcmluZ2ZpZWxkMRgwFgYDVQQKFA9B dXRvbWV0cmljIEluYy4xKDAmBgNVBAsUH0luZm9ybWF0aW9uIFRlY2hub2xvZ3kg U2VydmljZXMxMzAxBgNVBAsUKlRlcm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24u Y29tL3JwYSAoYykwMDEiMCAGA1UEAxQZYXV0b25ldC52YS5hdXRvbWV0cmljLmNv bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAm9mjObk6Zgb10TycoACI0XiS u0gXoGgfdkwh1t3ipk63sZZHmclg7LILLqsg8U/yzeWi67KR+74ytAfIWj1Zgh/S RBxTIhrC0uv9hK82+acT6stalQKZ7plxpLAP/ahCxOOEmyfU8Iz8+n3DlATjbzQb BGZsfir1UjnQwV3vJvcCAwEAAaOCAqgwggKkMAkGA1UdEwQCMAAwggIfBgNVHQME ggIWMIICEjCCAg4wggIKBgtghkgBhvhFAQcBATCCAfkWggGnVGhpcyBjZXJ0aWZp Y2F0ZSBpbmNvcnBvcmF0ZXMgYnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBz dHJpY3RseSBzdWJqZWN0IHRvLCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQ cmFjdGljZSBTdGF0ZW1lbnQgKENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93 d3cudmVyaXNpZ24uY29tL0NQUzsgYnkgRS1tYWlsIGF0IENQUy1yZXF1ZXN0c0B2 ZXJpc2lnbi5jb207IG9yIGJ5IG1haWwgYXQgVmVyaVNpZ24sIEluYy4sIDI1OTMg Q29hc3QgQXZlLiwgTW91bnRhaW4gVmlldywgQ0EgOTQwNDMgVVNBIFRlbC4gKzEg KDQxNSkgOTYxLTg4MzAgQ29weXJpZ2h0IChjKSAxOTk2IFZlcmlTaWduLCBJbmMu ICBBbGwgUmlnaHRzIFJlc2VydmVkLiBDRVJUQUlOIFdBUlJBTlRJRVMgRElTQ0xB SU1FRCBhbmQgTElBQklMSVRZIExJTUlURUQuoA4GDGCGSAGG+EUBBwEBAaEOBgxg hkgBhvhFAQcBAQIwLDAqFihodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcmVwb3Np dG9yeS9DUFMgMBEGCWCGSAGG+EIBAQQEAwIGQDAUBgNVHSUEDTALBglghkgBhvhC BAEwMAYKYIZIAYb4RQEGBwQiFiA2MTA4ZDEzZWQ0YWY5Mzc2ZmNmN2E4NjU5MTUy MTk1MzAZBgpghkgBhvhFAQYPBAsWCTA4MzY1NDYxNjANBgkqhkiG9w0BAQQFAAOB gQA95wRAkoblU4HNDEsX2yEexGOedbYARoz1YlazpjliC6T+KpZYkxJMxhBif40h Q1/ojzNPqxS1kcd77hdUJUD1CWb6Es0N6xpeTVCVb791Dh9irxRbuB+DbAdXZIeP qIW4TiR5ZheXD1TZ6RieNeNFC3dDxdRUJnQSSj4qVuLmwg== -----END CERTIFICATE----- subject=/C=US/ST=Virginia/L=Springfield/O=Autometric Inc./OU=Information Technology Services/OU=Terms of use at www.ver isign.com/rpa (c)00/CN=autonet.va.autometric.com issuer=/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CP S Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign --- No client certificate CA names sent --- Ciphers common between both SSL endpoints: RC4-MD5 EXP-RC4-MD5 RC2-CBC-MD5 EXP-RC2-CBC-MD5 DES-CBC-MD5 DES-CBC3-MD5 --- SSL handshake has read 1607 bytes and written 242 bytes --- New, SSLv2, Cipher is DES-CBC3-MD5 Server public key is 1024 bit SSL-Session: Protocol : SSLv2 Cipher : DES-CBC3-MD5 Session-ID: 06777312619B9ADE05EAABB9E2AA6C15 Session-ID-ctx: Master-Key: F56EAFF8608CD7D6BD57F309FF7E51672D7D16CF1D8E6A2A Key-Arg : BE8453F63ACB1BC9 Start Time: 1011372100 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- GET / HTTP/1.0 Authorization: Basic <removed for security considerations>= HTTP/1.0 403 Forbidden Proxy-agent: Netscape-Proxy/3.52 Date: Fri, 18 Jan 2002 16:45:44 GMT Content-type: text/html <title>Insufficient encryption</title><h1>Insufficient encryption</h1> This document requires a larger secret key size for encryption than your browser is capable of supporting. <HTML><HEAD><TITLE>Forbidden</TITLE></HEAD> <BODY><H1>Forbidden</H1> The proxy's access control configuration denies access to the requested object through this proxy. </BODY></HTML>closed ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]