> On Jan 29, 2017, at 11:34 AM, russellbell@xxxxxxxxx wrote: > > What does this message mean? That I failed to send a client > certificate CA name? That I failed to receive one? I run > > $ openssl s_client -certform gmail.pem -key gmail.key \ > -CAfile cacert.pem -debug -verify 10 -connect smtp.gmail.com:465 > > I don't see the an argument to send a client certificate CA name in > s_client's man page. The list of "client certificate CA names" is optionally sent by servers when requesting client certificates. It is normal for no such list to be sent, and it is often wise to send an empty list when requesting client certificates. All this is controlled on the server side. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
