openssl s_server mutual TLS

Time:02-13

I can use the openssl s_server command to accept TLS sessions from clients, and to require mutual TLS - i.e. request a client certificate - using a command such as:

openssl s_server -accept 4433 -cert myCert.crt -key myKey.pem -Verify 2 -CAfile myCA.crt

When I connect from a client, I can see from tracing that s_client sends a certificate request, correctly stipulating the certificate contained within myCA.crt. However it seems that s_server will accept any client certificate, regardless of whether it was signed by myCA.crt or not - i.e. it doesn't care which client cert is sent.

Does anyone know if this is expected behaviour, or am I doing something wrong?

CodePudding user response:

openssl s_server and s_client by default verify the peer's certificate and show the verification status, but don't stop on errors. If this is necessary, use the -verify_return_error option.
