Hi all, no one has seen this as well? I've seen other mails fly by on openssl-users after I posted this, yet no response to my query, nor to a previous mail I sent (about pkcs7). Should I file bug reports instead? thx, JJK / Jan Just Keijser Jan Just Keijser wrote: > hi all, > > I've just run into something weird with openssl 1.0.1 and > s_client+s_server: > > - I've downloaded and compiled a static version of openssl 1.0.1t on > Linux > - I've set up a PKI with a ca.crt file and a server.crt/server.key > keypair > - next , I run > > ~/src/openssl-1.0.1t/apps/openssl s_server -CAfile ca.crt -cert > server.crt -key server.key -dhparam dh2048.pem > > - then, with s_client > > ~/src/openssl-1.0.1t/apps/openssl s_client -CAfile ca.crt -connect > 127.0.0.1:4433 > > and I always end up with > > Verify return code: 21 (unable to verify the first certificate) > > If I either change s_server *or* s_client to use openssl 0.9.8 then > the above commands work! > > What am I missing here? > > > TIA, > > JJK / Jan Just Keijser >
