hi all, I've just run into something weird with openssl 1.0.1 and s_client+s_server: - I've downloaded and compiled a static version of openssl 1.0.1t on Linux - I've set up a PKI with a ca.crt file and a server.crt/server.key keypair - next , I run ~/src/openssl-1.0.1t/apps/openssl s_server -CAfile ca.crt -cert server.crt -key server.key -dhparam dh2048.pem - then, with s_client ~/src/openssl-1.0.1t/apps/openssl s_client -CAfile ca.crt -connect 127.0.0.1:4433 and I always end up with Verify return code: 21 (unable to verify the first certificate) If I either change s_server *or* s_client to use openssl 0.9.8 then the above commands work! What am I missing here? TIA, JJK / Jan Just Keijser
