Re: is there any working example of how to use verify_hostname in command line?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Mar 03, 2022 at 08:05:34PM -0800, Edward Tsang via openssl-users wrote:
> Ok here is what I tried but still complaining about unknown options
> -verify_hostname

> openssl s_client -connect google.com -CAfile etc/auth/cacert.pem -verify_hostname google.com -verify_return_error

Perhaps you're using some other "openssl" that isn't from the
OpenSSL project, or an OpenSSL version that predates 1.0.2 which
introduced the "verify_hostname" option.

With the real OpenSSL 1.1.1 I get:

    $ openssl s_client -connect google.com:443 -CAfile /etc/ssl/cert.pem -verify_hostname google.com -verify_return_error -brief </dev/null; echo $?
    CONNECTION ESTABLISHED
    Protocol version: TLSv1.3
    Ciphersuite: TLS_AES_256_GCM_SHA384
    Peer certificate: CN = *.google.com
    Hash used: SHA256
    Signature type: ECDSA
    Verification: OK
    Verified peername: google.com
    Server Temp Key: X25519, 253 bits
    DONE
    0

What does "openssl version -a" report?

-- 
    Viktor.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux