After I set -tls1 -servername, I can get certificate chain information. But in my code. I have used SSL_set_tlsext_host_name() to set host name, but it can not get certificate chain. On Tue, May 26, 2015 at 1:32 PM, Jeffrey Walton <noloader at gmail.com> wrote: > On Mon, May 25, 2015 at 11:17 PM, Jerry OELoo <oyljerry at gmail.com> wrote: >> Hi. >> I found there is a website which has https support. >> https://www.ib-channel.net/miegin/web/jsp/B02-01.jsp >> and browser can show its certificate chain. >> but when I use openssl to connect website, it returns fail. >> >> openssl s_client -connect www.ib-channel.net:443 >> CONNECTED(00000003) >> write:errno=104 >> --- >> no peer certificate available >> --- >> No client certificate CA names sent >> --- >> SSL handshake has read 0 bytes and written 305 bytes >> --- >> New, (NONE), Cipher is (NONE) >> Secure Renegotiation IS NOT supported >> Compression: NONE >> Expansion: NONE >> --- >> >> So what is wrong that openssl can not get website's certificate? Thanks! >> > > I'm timing out from US/New York using Apple's downlevel version of > OpenSSL (0.9.8). But I'm succeeding with the latest version of OpenSSL > (1.0.2a). (It seems to be opposite of what Patrick is experiencing). > > Also, you usually want to specify TLS and the server name. SSLv3 is > pretty much dead now. SNI also ensures the server selects the right > certificate at during channel setup. > > openssl s_client -connect www.ib-channel.net:443 \ > -tls1 -servername www.ib-channel.net > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- Rejoice,I Desire!
