ssl - OpenSSL Command to check if a server is presenting a certificate
I'm trying to run an openssl command to narrow down what the SSL issue might be when trying to send an outbound message from our system.
I found this command in another topic: Using openssl to get the certificate from a server

    openssl s_client -connect ip:port -prexit

The output of this results in

    connected(00000003)
    15841:error:140790e5:ssl routines:ssl23_write:ssl handshake failure:s23_lib.c:188:
    ---
    no peer certificate available
    ---
    no client certificate ca names sent
    ---
    ssl handshake has read 0 bytes , written 121 bytes
    ---
    new, (none), cipher (none)
    secure renegotiation not supported
    compression: none
    expansion: none
    ---

Does this mean the server isn't presenting any certificate? I tried other systems on a different ip:port and they present a certificate successfully.
Does mutual authentication affect this command with -prexit?
--Update--
I ran the command again

    openssl s_client -connect ip:port -prexit

and the response is now

    connected(00000003)
    write:errno=104
    ---
    no peer certificate available
    ---
    no client certificate ca names sent
    ---
    ssl handshake has read 0 bytes , written 121 bytes
    ---
    new, (none), cipher (none)
    secure renegotiation not supported
    compression: none
    expansion: none
    ---

I added -ssl3 to the command

    openssl s_client -connect ip:port -prexit -ssl3

Response:

    connected(00000003)
    write:errno=104
    ---
    no peer certificate available
    ---
    no client certificate ca names sent
    ---
    ssl handshake has read 0 bytes , written 0 bytes
    ---
    new, (none), cipher (none)
    secure renegotiation not supported
    compression: none
    expansion: none
    ssl-session:
        protocol : sslv3
        cipher : 0000
        session-id:
        session-id-ctx:
        master-key:
        key-arg : none
        krb5 principal: none
        start time: 1403907236
        timeout : 7200 (sec)
        verify return code: 0 (ok)
    ---

Also trying -tls1

    connected(00000003)
    write:errno=104
    ---
    no peer certificate available
    ---
    no client certificate ca names sent
    ---
    ssl handshake has read 0 bytes , written 0 bytes
    ---
    new, (none), cipher (none)
    secure renegotiation not supported
    compression: none
    expansion: none
    ssl-session:
        protocol : tlsv1
        cipher : 0000
        session-id:
        session-id-ctx:
        master-key:
        key-arg : none
        krb5 principal: none
        start time: 1403907267
        timeout : 7200 (sec)
        verify return code: 0 (ok)
    ---

I was debugging an SSL issue today which resulted in the same write:errno=104 error. I found out that the reason for this behaviour was that the server required SNI (servername TLS extensions) to work correctly. Supplying the -servername option to openssl made it connect successfully:

    openssl s_client -connect domain.tld:443 -servername domain.tld

Hope this helps.
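
What -servername changes on the wire, as an added example that is not part of the original answer: this Python sketch builds a ClientHello in memory with and without a server name (no network connection is made) and parses it for the server_name extension. The function names are assumptions of this example, and domain.tld is the placeholder host from the answer.

```python
import ssl
import struct

def client_hello(server_hostname=None):
    """Return the bytes a Python TLS client would send first (no network I/O)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Needed only so server_hostname=None is accepted; nothing is connected here.
    ctx.check_hostname = False
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: ClientHello is queued, client now waits for the server
    return outgoing.read()

def sni_from_client_hello(data):
    """Return the SNI host name carried in a ClientHello, or None if absent."""
    msg, pos = b"", 0
    while pos + 5 <= len(data):  # reassemble handshake records (type 0x16)
        rtype, _version, rlen = struct.unpack("!BHH", data[pos:pos + 5])
        if rtype != 0x16:
            break
        msg += data[pos + 5:pos + 5 + rlen]
        pos += 5 + rlen
    if not msg or msg[0] != 0x01:
        raise ValueError("not a ClientHello")
    p = 4 + 2 + 32                                   # header, version, random
    p += 1 + msg[p]                                  # session_id
    p += 2 + struct.unpack("!H", msg[p:p + 2])[0]    # cipher_suites
    p += 1 + msg[p]                                  # compression_methods
    if p + 2 > len(msg):
        return None                                  # no extensions block at all
    end = p + 2 + struct.unpack("!H", msg[p:p + 2])[0]
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", msg[p:p + 4])
        body = msg[p + 4:p + 4 + elen]
        if etype == 0 and len(body) >= 5:            # server_name extension
            name_type, nlen = struct.unpack("!BH", body[2:5])
            if name_type == 0:                       # host_name
                return body[5:5 + nlen].decode("ascii")
        p += 4 + elen
    return None

if __name__ == "__main__":
    for host in (None, "domain.tld"):  # domain.tld: placeholder from the answer
        print(host, "->", sni_from_client_hello(client_hello(host)))
```

The same parser can be pointed at a captured first flight from any client to confirm whether it sent a server name before suspecting the certificate itself.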