Re: resumption problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Mar 23, 2020 at 11:46:43PM +0000, Jeremy Harris wrote:
> OpenSSL 1.1.1  on Centos 8
> Ticket-based resumption
> 
> 
> I'm getting a repeatable error from a client call to SSL_connect()
> of "14228044:SSL routines:construct_ca_names:internal error".
> 
> Packet capture shows an Alert being sent by the client before
> anything is received from the server.
> 
> The error only occurs when the client is trying to resume
> a previous session, and (here's the odd part) only when
> the client is set up to offer a client certificate.
> 
> [I can change the client config to stop it offering this
> client-cert, and the resumption works just fine]
> 
> 
> I *think* possibly also the precise nature of that client cert
> matters; a testcase I set up away from my production
> system failed to induce the error.  The client cert
> is loaded using SSL_CTX_use_certificate_chain_file();
> the file contains a private-key and a 3-element chain
> with a Lets Encrypt cert (leaf, signer, CA-root).
> The CA is sha1/rsa, the other two are sha256/rsa.

Try omitting the (sha1) CA from the file?

-Ben



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux